Oct 29 2008

Packet Sniffing (ala Hak5 406/408/409)

I must apologize again for the lack of show notes lately.  I didn’t make the time I should’ve.

Anyway, getting down to business:

I focused in on a couple of things during this series, as trying to compact the entirety of the OSI model and TCP/IP/wireshark would just be impossible, and I would probably have to charge you money. :)

I wanted to really focus on allowing people to understand the foundation of how the internet is kind of built, without having to memorize all sorts of terms.  At the same time, I wanted to delve a little deeper into the TCP/IP portions of a packet and really allow people to understand what a packet is and does in terms of communication.  Finally, I wanted to show them a tool that pretty much every seasoned IT professional has used to look at packets and perform analysis of any sort.

For 406/408, I highly recommend just reading wikipedia articles and RFCs if you are really interested in learning more about this.  I also suggest finding a decent TCP/IP book.  I don’t want to be an advertising link whore so I won’t be spewing out an amazon associate link to a random IT book here.

In 409, I used wireshark’s own manual and wiki, which is just stellar.  Here is a link to their documentation page:  http://www.wireshark.org/docs/.  Trust me, there are far more advanced things you can do with their filters/expressions.

If you have any specific requests, please contact me either via feedback@hak5.org, this site, or you can also IM me through my digsby widget on the front page of the site if you allow it.


Oct 18 2008

The lack of show notes.

Sorry guys.

With this move and the new job, I have been far busier than I ever thought I could be.  Now that I actually have my computers all up and running expect something in the next week to catch up for what I haven’t done.


Sep 24 2008

Moving

Apologies to those expecting show notes for episode 404. I should have them up later tonight.


Sep 17 2008

Hak5 Episode 403 Show Notes!

Hey guys,

Thanks for watching part 2 of the reverse engineering series.  HUGE thanks to Chris Gates of LSO as well as Pedro D’Aquino whose solution I drew heavily on in order to create a logical walkthrough of how to solve the Crackme.

Crackmes are pieces of software that allow people to gain practical experience in reverse engineering without having to resort to less legal means of exercising their skills.  There are numerous sites out there that offer them.

Chris Gates, a friend of mine, started releasing crackmes as contests awhile back, and I covered one of them on 3×07.  The basic overview of this particular executable is that there are 4 buttons that appear in a GUI when the program is launched.  The top 3 buttons play tones, and the bottom button plays 3 tones that are supposed to match the top 3 tones.  Initially, they do not match, so it is up to you to figure out how to modify that executable in order for it to match.

We use Lutz Roeder’s .NET Reflector to open up the .exe initially, as it looks like managed code.  From there, after a little looking around, it’s apparent that something is amiss with this code, and that it’s not displaying like it should.  The problem is that the real .exe is compressed within this using something called NETZ.  In the show we go through how to unpack this .exe.  Here is the full python script:

#import zlib library
import zlib
#open the file which contains the compressed executable
fZip = open("zipped.zip", "rb") #we use 'b' as it is a binary file
#create the file in which we will store the unpacked exe
fUnzip = open("Crackme03Original.exe", "wb")
#read the contents of the zipped file
compressedData = fZip.read()
#..and unzip it
uncompressedData = zlib.decompress(compressedData)
#Write it to the file and we're done!
fUnzip.write(uncompressedData)
fZip.close()
fUnzip.close()
exit()
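An added example, not part of the original show notes or of Pedro's solution: the same unpack step with an output size cap, followed by a check that the result really is a PE image with a CLR header before it goes into .NET Reflector. The function names are hypothetical and the header produced by `build_sample_pe` is a constructed stub for the demo, not the crackme.

```python
import struct
import zlib

CLR_DIRECTORY = 14  # data directory slot of the CLR (.NET) header


def inspect_pe(data):
    """Return 'managed' or 'native'; raise ValueError if data is not a PE image."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("missing MZ header")
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        opt = e_lfanew + 4 + 20  # optional header follows the 20-byte COFF header
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic not in (0x10B, 0x20B):
            raise ValueError("unknown optional header magic")
        dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+
        (count,) = struct.unpack_from("<I", data, dirs - 4)
        if count <= CLR_DIRECTORY:
            return "native"
        rva, size = struct.unpack_from("<II", data, dirs + 8 * CLR_DIRECTORY)
    except struct.error:
        raise ValueError("truncated PE header")
    return "managed" if rva and size else "native"


def unpack(blob, max_size=64 * 1024 * 1024):
    """Decompress one zlib stream with an output cap and classify the result."""
    stream = zlib.decompressobj()
    try:
        image = stream.decompress(blob, max_size)
    except zlib.error as exc:
        raise ValueError("not a zlib stream: %s" % exc)
    if stream.unconsumed_tail or not stream.eof:
        raise ValueError("stream truncated or larger than the output cap")
    return image, inspect_pe(image)


def build_sample_pe(managed):
    """Constructed PE32 header stub for the demo; not a runnable program."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                    # standard PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<I", opt, 92, 16)     # NumberOfRvaAndSizes
    if managed:
        # non-zero RVA and size in the CLR slot mark a .NET assembly
        struct.pack_into("<II", opt, 96 + 8 * CLR_DIRECTORY, 0x2008, 0x48)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    packed = zlib.compress(build_sample_pe(managed=True))
    image, kind = unpack(packed)
    print(len(packed), "->", len(image), "bytes,", kind)
```

A result of `native`, or a `ValueError`, means the blob is not the managed executable you were expecting, so there is no point loading it into a .NET decompiler.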

After this, we open up the new .exe in .NET Reflector and find that the main windows form is called Form1, and Play_Click gives us a big tell that we’re closing in on what we have to modify.  The program is checking the tones through comparison of hardcoded values of an array against hardcoded constants.  If you look in the dropdown menu under the toolbar there should be an IL selection, which shows the way the array is initialized.

Hovering the mouse over the instruction should give you the bytecodes you need.  From there, it’s as simple as converting hex and replacing values as shown in the segment.

For the full solution, please head over to LSO and to Pedro’s solution.  All the credit goes to him as he has an extremely good writeup that is very easy to follow.

See you next time!

PS:  cowboy informed me that there is a plugin for .NET Reflector called ReflixII that will help patch the .exe a little easier than manual hex editing.


Sep 16 2008

New Episode of Hak5 tomorrow!

I’ll have my show notes up from the segment I did for episode 403 tomorrow.  It will be out at noon EST at Hak5 and Revision3.


Sep 10 2008

Hak5 Episode 2: Reverse Engineering Part 1

Hey guys.  Hope ya liked the Episode.  I was trying not to go too fine grain, while also covering the basics.  I think it’s important to note that, with most of the really technical segments, unless it’s something being built (either hardware or software), it’s hard to go in depth enough to feel satisfied unless it was a 30 minute segment.  I strongly encourage you guys to use google to find more information, and to do research.  You won’t learn enough to be too dangerous without fully understanding the theory yourself.  Thanks for watching!!!!

In part 1 of Reverse Engineering I go over some basic theory and demo some tools associated with the Crackme scene of reverse engineering.  This is not hardcore reverse engineering that will get you on the RELOADED team, but it’s a nice peek into things.

Tools of the trade (there are MANY MANY more):

WINDASM (W32DASM):  I cannot link you to anything official as it’s no longer obtainable from the original vendor, so you’ll have to google for it.  Be wary of any copy you download, virus scan it, and run it in a VM or on an isolated machine first.  No guarantees.

IDA Pro:  Industry standard.  Extremely useful for almost any kind of file.  We demo the older free version for lack of $500.
OllyDbg:  Debugger similar to IDA Pro
PEiD:  Detects packers, cryptors, and compilers.
.NET Reflector:  Typically used for disassembling .NET applications.

Big Endian is akin to SONAR being sent as SON AR
Little Endian is akin to SONAR being sent as AR SON

Registers = Variables
32 bit = e prefix: eax, ebx, ecx, edx, edi, esi, esp, ebp
16 bit = same names without the e: ax, bx, cx, dx, di, si, sp, bp
8 bit:  al, ah, bl, bh, cl, ch, dl, dh.  l means lower 8 bits of 16 bit reg, h means higher
Flags = boolean values, 1 or 0.  Zero flag can get 0 or non zero (1) values.

The idea is to debug and disassemble to find out exactly how a program works, thereby enabling you to modify characteristics of that program to suit your needs.

In Part 2 we finish these notes and actually show you how to navigate through code.


Aug 31 2008

Hak5 joins Revision3, 401 and 402 filming.

What a whirlwind!

I’m a bit late to the punch again but as you all know, Hak5 signed an agreement with Revision 3 networks.  You can find the press release here.  This is huge for us, and lets us focus our efforts on getting the show made without having to worry about marketing or distribution.  We film, send the footage to Rev3, who then does their thing with it, and releases it for us.  The first episode will be September 8th, at midnight, followed by the second episode 2 days later on September 10th, at noon.  From then on, every single week there will be a new Hak5 show, always at noon on Wednesday.

I guess a benefit of not getting around to writing that until now is that we filmed 401 and 402 yesterday and already I can see the benefit of having Rev3 onboard with us.  Filming 2 episodes in one day seemed daunting, and initially was, but mainly because we hadn’t filmed an entire show in many months, so we had to spray a little WD40 and work out some kinks.  Once that was done, we were able to start rocking and rolling, and the technolust was strong.  Yesterday’s experience tells me that within a month or two, we will be so comfortable in creating the shows, that not only should we be able to complete our shooting faster, but everyone involved will be very comfortable with one another, and it will show when we throw back and forth to each set.

One problem with the way things were done before, was that we were trying to shoot a good hour or more of stuff one weekend a month.  This, along with some procrastination, had us waiting until the weekend before the 5th each month to shoot everything and edit it to get it out the door.  You would think that switching to a weekly release format would be too much for us to handle, but the opposite is true, and here’s why:

  • Totally redesigned set:  There are now 3 different sets in the house.  The “China” set in the corner, the “main” set on the same wall the monolith used to be, and then the “side” set (I apologize if I don’t know the official names for these sets, it just isn’t something my brain cares to remember) which is usually where I will be, along with any guests we have.
  • Segment schedule, calendar, and scratchpad.  We now have dedicated documents that we can all go in and edit that have the segment listing for all of the upcoming shoots, who is doing what, how long their segment is roughly going to be, along with notes, links, and all that good stuff.  We had a mailing list before, but this time we’re serious about it and everyone is participating and communicating much more effectively.
  • Experience:  Darren, Matt, Paul are the seasoned warriors of this trade and it really helps.  I’m inching along and getting better, and I think it showed last night when I did my segment.  I was the most comfortable in front of the camera than I had ever been before.  Standing in with Matt on his segment was still something I need to get better at though, in terms of asking questions and taking charge of the flow, as a “watson” seems to have to do.  Christine and Shannon are picking this stuff up extremely well, and probably have a better camera presence than I do, of course they’re social creatures. :)

I’m very much looking forward to these next 2 years.  There is a TON of good content lined up, and we’re eager to show it to all of you!


Aug 11 2008

The Dominican Republic

This took me a little while to get around to.  Hopefully it helps anyone who is planning on going down there, but the main goal is just to tell you a bit about what we did while we were there.

Christine and I booked a trip to the Luperon Beach Resort in the Dominican Republic about 6 months ago.  We used the Armed Forces Vacation Club and waited as long as we could for cheaper plane tickets.  I’ll have a total cost breakdown at the end of the post.

We partied at the Hak5 house the night before we flew out, and well, we partied a little too hard.  I was approximately 1 second late in putting my credit card into the e-ticket checkin thing at the airport, and thus we had to be standby for the next flight to Atlanta.  Luckily for us everyone thought we were married and on our honeymoon, because we got some sort of special tags put on our standby tickets, which allowed us to bypass everyone.  Sorry to anyone we screwed over on that, we had no idea what was going on.

The flights to the Dominican weren’t that bad, obviously I hate flying so I just had to deal with it.  We landed in the early afternoon, and after a $90 cab ride, got to the resort at 5pm or so.  It then promptly started raining, and kept raining until late into that evening.  Luckily for us though, we only had to deal with rain twice during the entire time we were there, and left right in time to avoid the recent tropical storms and hurricanes that have made their way through the Caribbean.

Some of the events we did included horseback riding, dance lessons (which I was horrible at), crazy games (usually some sort of watersport that you won some rum or viagra for.. yes, viagra!), kayaking and more!  Each night there were also shows and events on at least 2 different parts of the resort.  We did karaoke one of the nights, and participated in some of the games they had on stage another night, where we danced in front of over 100 people and they judged which couple was the best.  There was ALWAYS something going on, other than during 2 siesta periods during the day, and obviously after the “disco” (dance club type thing, not exactly like we have in america, but close) shut down at 2am.

The place was pretty much a 2.5-3 star resort, so if you go, don’t expect to be living like a god there.  It’s nice, but you can tell they make their profit by everything being as cheaply done as possible while still remaining of a quality that won’t piss too many people off.  Prime example of this was the tennis/basketball/archery area.  The courts looked good, and there was equipment for it, but it looked like a bunch of used stuff from a high school that went out of business.  On the other end of the resort there were some water activities you could partake in, such as a mini-sailing lesson on a pretty much one-man boat type thing with a sail on it, which was very primitive and not something my clumsy self could pull off very well.  You could also take out ocean kayaks probably a few hundred yards out before they came out to pull you back in (guess their insurance is picky).

The food was about what you’d expect out of a 3 star facility.  Good, but not godly.  One weird thing about the resort (and this ties in with the subject of food) was how everything was setup according to a schedule during the day.  We conveniently forgot my watch, and refused to spend 20 bucks on one that we’d only use a few days, so we were constantly asking everyone what time it is, so we didn’t miss something.  There were BBQ type food places that had random stuff each day, sometimes fish fries, and always some pizza to go along with whatever the main option was.  Those were only open from noon-ish to about 4:30 in the afternoon.  The main buffet which served as the place to go for every meal was open for breakfast, lunch, and dinner and usually had some great food mixed in with some average food.  There was always at least one cook making some kind of custom something for each meal, whether it was omelets, lobster, steak, burgers, fish, or even pasta.

If you reserved ahead of time (typically the first morning you were there), you could book the “el restaurante” dinner which was in a different building, and required dressing up a little to go in (mainly closed toed shoes and long pants for men, women were pretty much able to wear whatever they wanted as long as it was classy).  I only brought 1 pair of jeans and some sneakers, so I looked like an idiot the 4 times we went.  Our first night was Italian, and boy that was amazing.  The mozzarella stick was better than any other I’ve had in my life, and was probably 4x the size, and you could tell it had not been frozen beforehand.  Brazil night was the worst of the 4, they simply didn’t have enough waiters to pull off going around to everyone constantly with kabob sticks full of steak/chicken/veggies/shrimp/etc.  What we did get was few and far between.

Spanish night was a not as distant 3rd, the problem being that we were eating food that was more american than spanish.  I guess they didn’t know what spanish people ate.  Mexican night was a close 2nd to Italian, but obviously couldn’t touch it.  One thing I noticed a distinct lack of was hot sauce and bbq sauce.  The only place we found even one of them was at the restaurant, and their hot sauce wasn’t really that great.  I guess these people just don’t have our tastes.

Although our stay on the resort was very nice, the best time we had during the entire vacation was when we spent $49 each to go on a Catamaran trip.  There were a bunch of other similar trips going on throughout the week, but none were as cheap, and as it turns out, none were as good.

We left at approximately 8:30am and I think after all of our flip flops were in a bin, roughly 20 of us piled onto the catamaran boat.  With plenty of sunscreen on (yes, note for anyone who heads down that way, bring a TON of sunscreen, you WILL run out, trust me, bring lots, lots lots lots) we were on our way into the middle of the ocean, it seemed.  40 minutes into our voyage, we arrived at a buoy, which was a marker for where schools of fish passed through often I’m guessing, because they threw some sort of fish food into the water and told everyone they could put on snorkel gear to see the fish/coral up close if they wanted.  Christine did this, but I was feeling very seasick (a first for me) so I didn’t get to do this.

After a short while, we continued our trip, and were joined by a school of dolphins who swam with our boat for awhile.  Christine and I were sitting on the front of the catamaran with our legs hanging over, and some of the dolphins swam right underneath our feet, keeping up remarkably well.  Our next stop was a beach on what looked like a small uninhabited island, where we all had some rum, broke open some coconuts, and made a bonfire.  We partied there for a little while, and then headed out to sea again, this time our destination was an inhabited island.

Once we anchored and swam to shore, we were greeted by the locals there, who immediately wanted us to buy ice cream.  We politely declined, and a short time later we were directed to some tables that were setup to eat some lunch.  The food was very good, although I could tell it had been brought there, most likely by the resort, probably for health reasons.  We then went over to another part of the village where there were a whole bunch of tables setup with wares on them.  Haggling with the locals was fun, and we managed to come away with a pretty even amount of goods for what we spent.  I bought a tobacco pipe, some rum and a bottle of “mamajuana” which had bark from some local tree, and was said to give any liquor put into it and cured for 2 weeks healing properties.  Ironically, I think it helped us out, as we took a couple shots out of it during our bout with a rotavirus we would later come down with after we got home, and our recovery was rapid after that.

Once everyone had spent all their money, we were taken through the village and got to see various buildings, chickens, people, and a little pig farm.  Further down the path was the entrance to another beach, in which we had some more fun with the locals.  Christine taught some of the kids the game “tag” and there was much laughter.

Finally our time there was at an end, and we gathered our things, went back to our catamaran, and headed back to the resort.  We departed a day and a half later, taking with us memories that we will have the rest of our lives.

For anyone interested in just how much this cost us:

Resort cost:  $329 for the week through the AFV Club
All-inclusive fees:  $560 for both of us ($40 per person per day)
Plane tickets:  $992 for both of us.
Cab rides to/from resort:  $180 total.
Goodies bought:  $60 + trading an old beat-up digital camera, and cd player.
Airport food to/from:  $40
Gas to/from airport:  $35ish

So about $2200 for 2 people for a week at a resort in the Caribbean.  If you’ve done better, great, we’re not trying to show off, just trying to help people gauge realistic costs.

Thanks for reading, I hope you enjoyed it!


Jul 23 2008

Juggling 3 things is always tough

Juggling 30 is well, 10 times as hard?.. ;)

It’s actually not as bad as it seems sometimes.  Things usually have a way of working through their cycles regardless of your input.  Obviously if you care about the results you want, there will be participation on your behalf though.

SecuraBit is getting larger, but the cool thing is that we have an amazing selection of people behind it, and that really helps because no single person has to think of everything, run everything.  It’s a group effort, which makes for less pressure on each individual.  We’ll be doing our bi-weekly shows as usual, but also some spontaneous shows whenever we get the itch, such as the show Rob and Anthony ran the other night to get some timely comments in on the whole DNS fiasco that’s gone public.  If you haven’t heard about it, and you’re in some way or another involved with IT, I would highly suggest doing some quick reading on the matter and either patching your stuff, or getting the word out to your staff to do it.

Hak5 is about to start hitting full force again.  I’m looking forward to participating in creating some more technolust for all who are interested to enjoy.  We have some pretty good ideas kicking around so far, one of which involves possibly stomping all over the warranty on my 2008 highlander, and boy do I ever love voiding warranties on things. :)

I’m torn between staying in the area, and moving a few hours away.  There are some pretty kickass jobs up towards DC that would be VERY rewarding professionally, yet I hate the idea of being so far from the people who make life fun, my friends.  I’ll know more in a few weeks as I edge closer to the time in which I must make an absolute decision.  Either way, I already drive at minimum an hour each way on most weekends, so 3 hours wouldn’t be that much more painful.


Jul 8 2008

4th of July weekend

Christine and I returned last night from our weekend up in Western NY.  We left Friday morning at 5am and amazingly, hit no major traffic.  After arriving at my sister’s place in Springville, NY we went out to dinner with a good portion of the family and then saw the town’s display of fireworks near my old elementary school.

The following day a whole bunch of us went up to my uncle’s cottage by Java Lake, where we cooked out over the campfire, went fishing and paddle boating as well as swimming.  Later that night Christine and I were left with the cottage to ourselves, and we were able to see a few different displays of fireworks over the treeline on the other side of the lake.  The cottage itself is very beautiful, something I wouldn’t mind owning someday myself.

Sunday brought a bit of sleeping in, and after a power outage in the area around the cottage we departed for my sister’s place to pickup some things we had left there.  On the way we stopped and picked our own strawberries in a field, 1 quart cost us $2 which is pretty cheap.  After that we randomly stumbled across an annual festival that the village of Sardinia has, which had some carnival rides, games, a horse show, chicken bbq, and a small park.  We had a great time in the few hours we spent there, and then departed for my grandmother’s house out in the country.  We swam in her pool, had bbq ribs for dinner, and then headed up to Buffalo, NY where my sister and her boyfriend took us, along with my Mom up to see Niagara Falls.

We took the pedestrian walkway and didn’t realize we needed our passports, but the canadian border patrol guy was nice, and believed we were U.S. Citizens so he let us enter.  A short walk past the Hard Rock Cafe led us to a small town center-ish area where a bunch of people were gathered.  Christine inquired about what was going on and we found out that there were going to be fireworks, which promptly started 5 minutes later and were quite amazing, shooting right over the falls, which were lit up and very colorful.  Returning to the US was a cinch, as they didn’t even ask us for passports, although we weren’t pointed to the correct exit so we had one last run-in with border patrol at the bus exit, and were allowed to go about our business and return home.

The drive was about 11 hours each way, and we returned last night at about 12:30am, just in time to get some sleep and get back to work!  Pictures will be included in this post later tonight.