Standard Mischief

For March 31, the “Button Guy” over at http://www.biggiantbutton.com/ (which is a big flash app which every day links to a new site) linked to my blog buddy, Jacqueline Mackie Paisley Passey. To tell you the truth, I think the idea is pretty silly, and I said so over there, but he has done something cool to earn himself a linkback. What follows is some basic standard *nix mischief.

I grabbed the flash file off his server using cURL and saved myself a copy:


standardmischief $ curl http://www.biggiantbutton.com/button.swf -o button.swf

Then I used a program called flasm to peek inside it:

standardmischief $ flasm -d button.swf|less

That should give you an idea of what’s inside that little app. I think it looks on your local system for the day of the month and then sends you somewhere based on a table inside the app. You can see it if you do something like this:

standardmischief $ flasm -d button.swf|grep -o 'http:[-a-zA-Z0-9/\._]*'|head -n31

Did you follow that? Good, OK, then I got this obvious “sock puppet” comment here:

?Hey there, stumbled onto your blog via the blog linked from the Big Giant Button today.

…?

Umm, OK, Hi Jay Button Guy. You do know that nowhere in the world is it April 1st yet, so that big button should not have sent you here yet unless your clock is off.

Suspecting a joke, I grabbed his flash file again, naming it differently this time:

standardmischief $ curl http://www.biggiantbutton.com/button.swf -o button2.swf

This is where he earned the linkback. Using the flasm line above, I got the same output as before, but the original files are different:

standardmischief $ md5sum button.swf
23fbd93380ce9dcd7ce7455abe605842 button.swf

standardmischief $ md5sum button2.swf
fbb59a2e1792dd06cd3940cf0b7d07f6 button2.swf

There’s an extra 220 bytes too:

standardmischief $ la button*
-rw-r--r-- 1 standard mischief 35348 2006-03-31 20:10 button2.swf
-rw-r--r-- 1 standard mischief 35128 2006-03-31 10:02 button.swf

So I assumed that he spoofed my regex expression [-a-zA-Z0-9/\._]* with something like this:

http://www.joecartoon.com@standardmischief.com

Which should send you back here. But that does not seem to be the case. I’m also not 100% sure that he really did link to me, or that is further is part of the joke.

Really gives that old gray matter a workout.

Because the decompiler output matches exactly (except for the filename):

standardmischief $ flasm -d button.swf> button.txt
standardmischief $ flasm -d button2.swf> button2.txt
standardmischief $ diff button.txt button2.txt
1c1
< movie 'button.swf' compressed // flash 7, total frames: 1, frame rate: 12 fps, 550x400 px
---
> movie 'button2.swf' compressed // flash 7, total frames: 1, frame rate: 12 fps, 550x400 px

I’m guessing that he threw in some kind of junk that breaks the Flash standard, but that’s just a Wild Ass Guess right now. Updates, if any, to follow.

Update: Sorry about the crappy whitespace around the code examples. I can’t figure out the style sheet right now to fix it. Bash can ignore extra whitespace, I hope you can too.

Update: What a letdown! See the comments.

I overpaid for this can, I think it was 11-something bux at a gun show, but if it saves you half an hour under the greasy metal beast it’s totally worth it.

I don’t know what’s in this stuff, or why its not sold everywhere on the planet, or why people keep telling me that they no longer make the stuff because of EPA regulations, but it works. It seems to dissolve rust. It’s fully an order of magnitude better at penetrating than olde water displacing number forty.

Once I had to move a lot of studs off of an engine block to transfer them over to another block. I’m not exactly sure why the rebuilt block didn’t come with the whole 10 bux extra worth of studs. I would have even ordered and paid for them if I had the documentation that told me what I needed. If you ever do an engine swap, you will burn up an amazing amount of time running around to pick up this or that, but it’s not like I could have ran out and bought new studs at the local, convenient, 24 hour, metric weird hardware emporium. So I either had to reuse the studs I had, or overnight them from someplace like MSC (also recommended, a mecca of pure unobtainum).

I used the Kroil, let them sit for 30 minutes, and then put on double nuts locked together so I could back the stud out. The short story was that I got every single stud out intact for reuse.

Tonight, I tackled Toyota half shaft number 4. I should have tried the Kroil first, but I thought I had my magic mojo in the silver slapper I had rented. About to give up in frustration, I gave it the holy sprinkle drenching of Kroil, and stepped out for a brainstorming half mile hike. I attacked with the prybar when I got back and actually made some progress. I reattached the silver slapper and finally got the damn thing out. The bearing was rusted pretty well to the steel casting it was mounted to.

Besides hardware stores, lots of shooting supply mail order places carry it too. I’ve used both the liquid and the spraybomb cans and they work equaly well. Try Froogle.

–
Extra tags, for Google’s sake: driveshaft, half-shaft, camry, repair

–

Although it’s not a complete step-by-step, the driver’s side half-shaft was covered in my blog here.

Ok, so I snagged a copy of Spychips from a local bookseller, a one day before it’s official release date. Just checking Amazon right now, it’s ranked at #61 for non-fiction, probably from pre-orders. I’m finding that very surprising, but that’s exactly what we want. Despite the alarmist tone set throughout the book, RFID tags and related technology really are a threat to our privacy and freedom. I can only hope this book sets off a firestorm. RFID stands for Radio Frequency Identification, and they are little transmitters with unique numbers that can be hidden in all kinds of things.

My own experience trying to relate basic info about RFID tags to others have pretty lackluster. Their eyes glaze over. They nod and switch the subject. They are not alarmed as long as its only used on the “violent felons and child molesters”. You do want to protect our kids from them, right? You ain’t one of those “mark of the beast” holy rollers, are you?

This book does a very thorough job at explaining the potential for the abuse of RFID technology. I’m sure the authors sat around many a brainstorming session to think of every creepy scenario. The book is heavily footnoted, in part, I think, to prevent it from being dismissed as fringe literature and being grouped in with the HAARP weather control gunk, and the flat-earthers.

If you are looking for technical details, this is the wrong place. “Megahertz” is only briefly mentions once, in a sidebar. They only gloss over the difference between “passive” (unpowered) and “active” (contains a battery or other power source, can be read from further away) tags. Perhaps this is for the best.

One disappointment was the lack of a lexicon. I think that the next level of discussion should include language to distinguish the difference between different types of tags.

For example: in chapter 10, there is a discussion of Speedpass, a RFID embedded keyfob, linked to your credit or debit card, that lets you pay for gas and snacks at Exxon-Mobil gas stations. It has already been cracked. I would like this tag to be described as “unpowered” (instead of “passive“). Furthermore, I would also say this tag was “promiscuous” (when activated, it will power up and identify itself to anyone), “silent” (does not let the owner know when it is communicating), and it’s only security is a weak “challenge-response“.

Details of the exploit are on the above linked site, discussion is here, (duplcated from here) but briefly, the fob was brute-forced attacked. The attacker would slide up to the victim and simulate a speedpass reader terminal with a laptop. The attacker would query the speedpass with multiple requests and record the response. The results were crunched to find the internal key of the speedpass, and then the fob was simulated with a laptop at the pump. Because the speedpass is “silent“, it failed to inform its owner, (with a beep or flashing light), that it was being accessed. Because the tag was “promiscuous“, it could be brute-forced anywhere. A simple pushbutton switch added to the speedpass would be a highly effective security countermeasure, and attacker would have to physically hold the button down, while brute-forcing the fob, and if going through all that trouble it’s likely easier for the attacker to just steal the fob at that point. A stronger encryption scheme would help also.

Despite the lack of technical jargon (or perhaps because if it) I’m still recommending this book, especially for the novice. It’s thought provoking and easy to understand.

–
An additonal review by Bruce Sterling, who wrote the book’s preface.

spychips
RFID

I first saw Spychips a few days ago in a bookstore. It looked interesting, so I snapped a quickie photo to remember it by and left. Then I read a review by Claire. Seeing as she said it had not been officially released yet, and seeing as it was on the same topic as a rant I have been saving up, I just got back from snatching it up. I read the forward by Bruce Sterling, one of my favorite authors, and I read the first chapter in the store. It seems pretty good, and an easy reader, but it?s more a book for a beginner, than one who has been reading tinfoil conspiracy for the last decade. Don?t let the last line I wrote fool you. RFID tags are a major threat to your privacy, but I don?t think you will learn much new if you have been following the story over at Slashdot.

Because I’m really interested, and because it?s such a lightweight book, it has jumped ahead of the queue, ahead of all those books I borrowed to help me customize this website. Even ahead of that mint copy of The Outlaw Gunner by Harry M. Walsh that I found at the used book store. I got to crack the spine on that book, (unfortunately, it?s the seventh printing)

Expect a good rant in a day or so.

spychips
RFID

… I give it two mutant thumbs up.