Now continuing my ongoing saga of trying to get the VIA EPIA 800 board to boot a Linux kernel…

I finally gave up on using Fedora. I couldn’t get any of the default installs to work and I was not looking forward to trying to cross-compile a custom kernel from my AMD64 machine to the supposed-working i586 target type that the VIA is supposed to work under.

At the suggestion of a friend I tried installing the latest version of Ubuntu. (Server edition v8.04) Initially the install failed during CD-ROM detection with a “Failed to copy file..” error. The odd thing is that the kernel would boot off the install media and I could drop to a shell and browse the contents which were mounted under /media/cdrom just fine. After searching endlessly through unanswered forum posts I finally decided to try swapping my CD as the primary master and the HDD as secondary master — this did the trick. The installation continued until finally bailing out with numerous errors about either copying, validating or uncompressing packages.

A quick reboot later and I had yet another dead installation…

I was about ready to give up when I tried a “hail mary” install of the IPCop distribution. At first glance it looked like the Fisher-Price version of my-first-firewall. (dangerous interface is labeled RED and internal network is labeled GREEN)  But after closer inspection it looks like it is built on a solid platform. The kernel is compiled for a compatible instruction set for the VIA EPIA C3 by default apparently because after a fairly painless install with only one hiccup** I had a working kernel on the hardware.

**Note: for whatever reason (my guess is it is formatting related) the install takes forever to setup the “logging” partition. I thought it was hung, but was frustrated and after taking a break to go eat dinner and letting it run I came back and it had continued through to the rest of the install.

Turns out there are some changes going on this year for Defcon badge hackers. Joe Grand, designer of the badge for the last 3 years has announced plans to pre-release some of the specs of this years design before the conference. (traditionally the badge details have been a big secret and eagerly anticipated until opening day)

This was a concern to me… There is a contest centered around the best “hacks” of the badges and, in previous years, the winners received a coveted “black” badge (correction, see comments) which (in addition to being really cool) also allowed lifetime entrance into Defcon.

Ever since I found this out last year I’ve been obsessed with winning one…

I sent Joe a message directly asking if they would continue this and received this response… “I’m not sure if DT is planning to this year.”

AHH! it’s not even that I can’t afford to buy my way in every year, it is just my own personal pride that drove me to want to win this contest. See… part of the “cool-factor” for me personally was being able to source the parts necessary and put it all together at the conference and not in the comfort of my home. This, in my opinion gets to the true nature of hacking — resourcefulness, ingenuity and function before form — the way our hobby started.

Joe encouraged me to still submit this year regardless of the changes… so in keeping with the spirit of the event I plan to continue with my idea even with the changes. I’m still keeping the details under wraps for now, but keep an eye here for more information once I pick everything up opening day…

Until that time, I will be updating this entry with the leaked details as I discover them:

Defcon 2008 badge details:

• Freescale Flexis MC9S08JM60 processor
• LED integration: “Yes, there are a few 0603 LEDs on board” [1]
• SDCard integration: “Bring an SD card for maximum enjoyment and benefit” [1]

…and predictions from me: (as I brainstorm them)

• the uC supports infrared, and Joe has mentioned it. I predict some sort of communication between badges over infrared. The badges haven’t ever talked to each other (that I know of) and I think it would be cool to see.
• SDCard will be used to store transmitted messages. This would make perfect sense for the cards, although the recommendation for 64M sounds huge, so I’m wondering what exactly we are going to be exchanging.

Stay tuned for updates until I get my hands on mine opening day this year…

I just read that WordPress hosted (the location of this blog) now supports mobile posts from iPhones. This is awesome for me as I have A) lots of commuting time on trains, buses and subway cars to think up crazy ideas and B) own a first-gen hacked to the T-Mobile network.

In honor of these added features, I made this post over my iPhone - look for more frequent updates (albeit a bit shorter and less flashy when mobile) in the future….

I wanted to point out a new article that is in my shared RSS section right now on improved clock-skew techniques. When this first came out I heard a lot of talk about how it was too “theoretical” or obscure to be considered much of a threat…

It is important to remember that when buffer overflows really first hit the mainstream, many people also considered it too obscure or difficult to be useful. But now that our understanding of them has grown, we have things like the Metasploit archive that even the script kiddies can cut-and-paste from to their hearts delight.

This research is based on a sound problem - that being that crystal oscillators can vary slightly due to load induced temperature variances. I think it is an exciting topic if only because of the fact that it mixes hardware and software (which I get a big kick out of) but also because the implications to cryptography are very real if it can be reliably leveraged…

I have been frustrated time and time again by my Linksys combo router/gateway device. While it normally works OK, it lacks a lot of the configuration and functionality of a “real” firewall and gateway device and I worry about the shady TCP/IP stack implementation Cisco came up with. This article will document the process of building up a VIA mini-itx board as a dedicated firewall/gateway device for my home network…

First-thing-first, this project has ended up being a major pain. It was not smooth by any means…

The platform I chose to go with was an EPIA mini-itx motherboard with a VIA chipset. These are very small form-factor boards with much of the same functionality of bigger systems. This specific model is a C3 800mhz processor which supports up to 1Gb of onboard RAM. The product documentation says it boots via USB, but do not trust it. The implementation is extremely flawed. The specific BIOS version I have only had options for USB-FDD and USB-ZIP, neither of which worked with my bootable USB linux distro’s. I even tried fdisk’ing the USB key *exactly* to the specifications of the partitions for the USB-ZIP implementations… and still no luck.

Recent versions of VIA’s boards supposedly fix these headaches, but you have been warned…

The single network port will connect to the internal network and the external interface will be done through USB to the cable modem. The board does not support USB 2.0 but I do not think this will prevent me from using it.

Power will come from the PicoPSU devices which plug directly into the ATX connectors on the motherboard. These slick little devices take 12v power from a standard 5mm barrel connector and convert it for use on the board and accessories. I purchased a 12v 100w LCD power adapter to provide the juice to the PicoPSU and it seems to work just fine. The fact that these devices are fanless also make for very silent operation.

Note that your AC Adapter must supply the minimum Amps for the PicoPSU or it will never boot your board. I learned this the hard way after trying a hundred old wall-warts I had laying around.

Additionally, the PicoPSU cannot dissipate the power necessary for driving alot of accessory drives like full-size CDRom’s, etc… this leaves you with very few options for installing your OS if you have been keeping track.

Storage will be done off of a 40GB Toshiba HDD. I got one from an old laptop off ebay and it works just fine.

All of this will be placed in a mobile-computing mini-itx case (also obtained via eBay) and mounted securely to a plywood mount on the wall of my wiring closet. I picked everything up off eBay for about $200.

So far, so good on hardware — I’m to the point of installing Fedora and its proved a difficult challenge…

Although I am not part of the “Black Hat Bloggers Network” (I wasn’t even aware that there was one) I noticed this post over at www.stillsecureafteralltheseyears.com (which also wins the award for longest security related domain name) titled - Why go to Blackhat?

Since this will be my third year attending I felt experienced enough to answer:

Here is why I go to BlackHat (and what I stay away from):

- Training: my company offers one paid training session per year (typically) and I want the absolute best for my (and the company’s) dollar. Very few other conferences offer the quality of BlackHat - with CanSecWest being a notable exception.

- Topics: I’ve noticed over the years that BlackHat topics give a good “state-of-the-union” of the security industry. You get to see the familiar names and what they have been, or are, working on. Depending on what tools, talks, books, etc… are being discussed you generally know what the major threat areas are and can pick out who is winning and who is losing in the infosec battle.

- Vendors: I do not go for vendors. They are great for the parties, but I’ve seen it turn into more of a status thing over the years - “Oh, you don’t have a pass to the Microsoft party — oh, you must not be of the *in* crowd” (give me a break!) I can get just as drunk with 3 of my friends than I can with all of the Microsoft Security Team… don’t be one of these guys… as a side note, I still owe Cisco a remote root advisory in IOS for locking me out of *MY* club for their private party at Wet in Caesars last year

- Books: They are cheaper at Amazon. Don’t fall for paying full price at the table. I will say “authors” though, because quite a few have come up to chat when I picked up their publications while standing around the table. (Hi Pedram) And I can get a better feel in 5mins of talking to them whether it is worth reading.

- Coworkers: Security is a close knit group, we all know each other. BlackHat is one of the few (only) places that I can catch up with people I haven’t seen in awhile. It is the one week out of the year that 90% of the fun assessment guys are not being contracted out.

- Vegas: Been there done that… I wish someday they would choose another venue, but I realize there are always “first-timers” that haven’t been and would lament them moving it. Morality aside, if you do not like dealing with the party crowd, for gods sake, get out of there before the weekend crowds come.

- Vacation: it is the only “vacation” I take throughout the year…

…and a bonus:

- Defcon: go to defcon, its free anyway if you went to BH and it is a completely different crowd. It gives a well-rounded view of what being a “h4×0r” is and is not… plus, the badges kick ass!

I’ve added a new feature here. Sometimes I find things that are interesting, but off topic for the blog. (they fall outside of the technology/hardware/hacking realm or are re-hashes of other people’s work) In order to still share these little gems, but keep the pages here on-topic I’ve added the “My Shared RSS” section on the right-hand sidebar. These are listings of items that I have marked as share-able in my google RSS feed list. Many of them will be quite intriguing little things I’ve found, but have decided (for one reason or another) are better being linked to off site, than me opening a post here on… I hope you will check them out and enjoy…

A funny photo indeed… This latest image from the home page of the NASA Phoenix mission reveals the secret evidence many people have hunted for clues on for so many years. Where is Bigfoot?

Apparently we now know why he has avoided detection for so long. He is obviously an interplanetary travel with a primary residence on Mars and a vacation home here on Earth. This image provides unmistakable evidence of the fact that he (or she, to be fair, since we are pretty sure they do not reproduce asexually) has been on the planet the whole time and has obviously come by to check out the latest lander craft and possibly to help NASA make some repairs here and there. (I mean, come on, do you really think they can fix these landers all the time from the control center, just fiddling on their keyboards)

I can’t wait to see the stories once the *real* conspiracy theorists get ahold of this one…

I was all ready to publish an entry last night on how horrible most of the PCB design tools I’ve used are, when today I stumbled upon the new version of Cadsoft Eagle v5.0 and OH MY! did they ever fix alot of the headaches from before.

The interface has been polished up, non-standard buttons have been changed and functionality is much more intuitive. It still has its quirks from what I have seen, but the new version shows a real leap in their development of the product. I was able to finally put together some designs that had long sat on the shelf due to my inability to figure out certain bugs in either how the software was designed, or how I was trying to use it.

I strongly suggest going and checking it out. I will be publishing another longer article soon on some new things I’ve been working on and what functionality in the new version helped me accomplish those goals. Look for the info as soon as I can get them together…

I’ve learned recently that good security testing is all too often a shadow of a larger skillset - good debugging knowledge. Because of this I’ve been following many more of the blogs of individuals on the Windows debugging and advanced troubleshooting teams and learning more about the tools they use to peer deeply into applications and systems.

Two of the programs which come up often in their troubleshooting are WinDBG and Process Explorer. Having used each extensively over the last few months I noticed a cool new (to me at least) feature in Process Explorer tonight and thought I would share it - this is the DEP and ASLR status tags.

To enable the identification tabs right-click on the column headings in the main window. This brings up a menu which allows you to select the appropriate tags…

Now you can quickly identify running programs having these features enabled. This is very similar to the information from David Maynor’s LookingGlass utility. (whose link seems to come and go in my bookmarks)

I prefer to have less applications that are more universally powerful than having to download a hundred different software utilities, each with specialized tasks, but YMMV.