Randomdata meets IVIR

Last month Ardillo and I were invited to present a hacking workshop for non-hackers. The group, called Instituut voor Informatierecht (IViR), is affiliated with the Faculty of Law of the University of Amsterdam and contained a large amount of legal advisors, professors and students. About 30 people attended our workshop which we compiled especially for this group.

Our agenda contained a few main subjects and demos:

Workstation security

How secure is your workstation, what's the value of a password and how can you bypass these mechanisms. We showed the group how easy it is to find passwords, to crack them if they are not strong enough, how you can overwrite the password and also how to disable the password mechanism based on a DMA (Direct Memory Access) Attack.

Wireless security

Everybody is using wireless hotspots nowadays, did you remember the "FREEPUBLICWIFI" id's in the air when you were drinking your cup of coffee at a look-a-like Starbucks?
But what can go wrong, and how can you attack these systems? Well, by our man in the middle (Ardillo), it became quite clear it's easier than you though.

Breaking alarm systems

To bridge the gap between software and hardware, and to make security more "touchable" we decided to explain how wireless alarms can be hacked, bypassed and disarmed.
One of the attendees was even using the same system we used for this demo, he was quite convinced the alarm system wasn't delivering that what (where) he paid for.

DIY Arduino

After all these demos it was time to DIY, the 30 attendees joined our Arduino workshop in pairs of 2. In 1 hour everybody was able to program their own micro-controller and play around with LEDs :-)
Some even had time to build a "Knight Rider"! :-)


This workshop was of course organized for IVIR to make security and hacking more touch-able, on the other side it was great for me and Ardillo to see how a totally new public was responding to technical subjects we presented.
A few of our major conclusions:
* More than average technical skilled people, we even had people working with Ubuntu, "if then else" functions and PGP :-)
* For Arduino: Windows and serial-ports is still crap :p
* We had a lot of questions: and how do you solve this issue, we even started an idea to create easy vpn solutions. We (the techies) are still not able to create a user friendly solution and we should (more to come ;-))
* On the wireless communication part we had somebody asking about security on medical support systems, like pacemakers, insulin pumps, etc. It might be worth to investigate this, although we didn't came to an ethical solution if we find a #zeroday.

The overall conclusion:

It was well worth to do these workshops with a variety of groups, we (the techies) can learn a lot from other people and that's why we are going to search for a wider public for this type of presentations/workshops. It will enlarge the awareness, will give people the chance to understand tech and last but not least, it gives us the chance to understand what is important at a wider public.
Our focus for now is on:
- NG (Next Generation) hackers: kids in multiple ages, we should invest more time and energy in our future
- Teachers: see how the NG hackers are getting their current skills, where can we (the techies) help?
- Other acadamic's like Docters, etc. to detect more vulnerability's in our every day life's
- CEO's, to see how people on higher level of company's are aware
- Politicians: if we want to rule the world, we should at least be able to understand politics.

We would like to thank IVIR to work together, it was a pleasure!
kthxbye, Fish_ & Ardillo
- The slides of the day
- Cold boot attack explained
- Man in the Middle

Hack in The Random 2600 NL Data Box @ OHM2013

We're going to the OHM2013 camping event. At this moment we have to make some arrangements on the gear, 0xf00d and other important stuff. The organizing of our village can be followed on our wiki - OHM2013.
The HITR2NDB village is on the OHM Village page as well.

For more information about OHM2013 you van visit the OHM website

You can find our camp during ohm on the S5 spot, yes the crazy ones ;-):

Wallboard display - reverse engineering

So I got a wallboard display, power adapter, a moxa eth-rs232 converter and cable for free :-) No software, driver or whatsoever further included.

What to do with it?

Well mostly for the sake of investigation and making it work together gets me satisfied !

The final result

To not waste your time. The final result is

An online page where you can send text and effect to the wallboard.

Read the rest of the blog

Another year Randomdata at Hack in The Box (#HITB2013AMS)

Randomdata was invited again to join this years Hack in The Box' commsec village.
This years Commsec village consisted out of various hackerspaces but also some other communities like OWASP Netherlands, OHM2013 and Nikhef.
A wide range of hardware was available in the villages including 3D printers, Alarm systems, Old computers, LED's, OWASP rockets (grr!) and much, much more.

On the media side the Commsec village was a popular place to take photos, also the Dutch television was enjoying the hacky environment. HITB came in the news a lot with subjects but of course most media was interested in "old DDOS news", I'm glad we could convince them there where better subjects! You can find items on CNN, RTL Nieuws, Nieuwsuur but also the newspapers/sites had more then average attention for all the hackers.

The CTF was inspired by the game Pole position, the title was PWN position and the scoreboard was a racetrack!

One of the challenges at the CTF was supplied by Randomdata, we used one of the wireless alarms where we added a wireless sniffer and transmitter to. The challenge was to sniff the wireless signal, decode the pulses and find the "code" of the system. The easiest was to check the Randomdata wiki but the alarm was "anonymous" so it wasn't that easy. Second way was to sniff a "on" and "off" code, compare them and BOOM!

There were a lot of great talks this year; talks about aircraft hacking, failing customs, how Canon cameras can be used as spycams, and of course great keynotes!
For The Netherlands there where some hi-impact ones too:
*Wilco Baan Hofman, a friend of Randomdata and Bitlair member, was presenting a talk about alarm protocols (remember HITR2NDB?)
*Blasty presented a leak in KPN routers, I do have to say they fixed it fast and I liked their response :-)

You can find a copy of the slides at the

All in all another great HITB conference, let's hope 2014 will bring one as well!

Open dag Hackerspaces @Randomdata

De open hackerspace dag was voor ons een succes. Gedurende de dag zijn er ongeveer 20 personen langs gekomen om eens te kijken wat een hackerspace is. We hadden een 3D printer werkend die onderdelen aan het printen was voor een andere printer en een aantal bezoekers hebben wat gewerkt op een Raspberry Pi. In de middag heeft nog iemand zijn router voorzien van OpenWRT. Verder is er veel gepraat over een hackerspace en wat mensen ertoe bracht om eens een bezoek te brengen.

Ook is het Utrechts Dagblad nog even langs geweest en heeft een leuk artikel geplaatst:

Open day NL Hackerspaces

Randomdata is also joining the "Open day of the Dutch hackerspaces". Always wanted to know what hackers do and who we are? Well, this is your chance! Check out our wiki page with sample activity's. We will be open from 10:00 till 17:00 but we might stay open until late if enough people come over and would like to hang out at the space.
Message for the press: please contact us in advance.

The press release in Dutch of hackerspaces.nl:

Op 30 maart 2013 openen hackerspaces in Nederland haar deuren voor iedereen die wil weten wat echte hackers zijn en wat ze doen. Nederland telt momenteel twaalf hackerspaces.

Van vork naar iPhone-standaard, van pallet naar stoel, van eenvoudig speelgoed ombouwen naar een toonaangevend muziekinstrument, van oud laken naar kledingstuk of beamerscherm, een koffieautomaat aanzetten met je mobiel, van je WiFi-router een radio maken. Klinkt dit bekend? Dan ben je een hacker: hacken is alledaags en met de juiste mindset kan iedereen een hacker zijn. Dat laten de Nederlandse hackerspaces zien tijdens hun open dag. Vorig jaar bezochten ruim 300 mensen de allereerste open dag, wat werd gezien als een succes. Op 30 maart laten de hackerspaces opnieuw zien dat de hackergemeenschap een omvangrijk spectrum aan interesses kent, en ook een rijke historie heeft; zo komt bijvoorbeeld internetprovider XS4ALL voort uit de hackerswereld.
Vandaag de dag zijn er meer dan tien hackerspaces in Nederland: open werkplaatsen waar wordt geprogrammeerd, gesoldeerd, geknutseld en gediscussieerd. Ook worden er vaak lezingen en workshops gehouden.

Termen als ethisch hacken, knuffelhackers en vrije kennis worden graag uitgelegd. Delen van kennis, ook op technisch en ethisch vlak, wordt door veel hackerspaces gezien als een kernwaarde. “Veel projecten die in de space worden gemaakt staan ook gedocumenteerd op internet. Zo kunnen andere geinteresseerden het project hergebruiken of verbeteren”, aldus Dave Borghuis, initiatiefnemer van de open dag en oprichter van Twentse hackerspace TkkrLab. “Een simpele vraag over de werking of het maken van iets leidt snel tot samenwerking en dus kennisdeling. Dat is heel toegankelijk en heeft met meer dan alleen computers te maken.”

Hackers maken graag dingen, zo vinden oude spullen regelmatig een weg naar de hackerspace. Een motor van een oude mixer wordt bijvoorbeeld gebruikt om een autootje aan te drijven. Maar ook nog niet bestaande spullen worden zelf vervaardigd met 3D printers en andere gereedschappen, hackers maken hun eigen nieuwe electronica of schrijven hun eigen software. Allemaal gebaseerd op open en vrij beschikbare kennis die daarna volop en actief wordt gedeeld.

De open dag is een kleurrijk geheel met activiteiten door het hele land. Iedere hackerspace geeft hieraan een eigen invulling. Een willekeurige greep uit de onderwerpen die aan bod komen: producten maken met 3D printers, het gebruik van lasersnijders, workshops solderen en elektronica voor beginners, lockpicking, veilig surfen op internet en nog veel meer. Voor een overzicht van de activiteiten en openingstijden per space kan men terecht op http://hackerspaces.nl/.

Iedereen is welkom om een kijkje te nemen. Om 10:00 uur ‘s ochtends openen de deuren, om 17:00 is het dagprogramma afgelopen. Sommige spaces zijn ook ‘s avonds geopend.

Aanmelden is niet nodig, het wordt wel op prijs gesteld dat pers zich vooraf meldt.

Deelnemende hackerspaces:
Amersfoort: Bitlair
Amsterdam: Technologia Incognita
Almere: Sk1llz
Arnhem: Hack42
Den Haag: Revelation Space
Enschede: TkkrLab
Heerlen: ACKspace
Leeuwarden: Frack
Wageningen: NURDspace
Utrecht: RandomData

The Internaut Cookbook

Randomdata wrote a small piece about the space which was published
in the The Internaut Cookbook of XS4ALL. (Dutch)

Original XS4ALL page can be found here.

Randomdata goes IPv6

Since we are getting out of IPv4 space it is time to get some more nerds connected to the Next Generation IP, IPv6.
Randomdata organized in November and December some activity's to get Randomdata, participants and friends connected to IPv6.

Together with SYNACK, AK47 and Iljitsch van Beijnum gave us some history, some current and future sights of the internet.

In the meanwhile Randomdata.nl is fully v6 connected

2012 Edition of Hack In The Random 2600 NL Data Box

	.__    .__  __         ________             .______.    
	|  |__ |__|/  |________\_____  \  ____    __| _/\_ |__  
	|  |  \|  \   __\_  __ \/  ____/ /    \  / __ |  | __ \ 
	|   Y  \  ||  |  |  | \/       \|   |  \/ /_/ |  | \_\ \
	|___|  /__||__|  |__|  \_______ \___|  /\____ |  |___  /
	     \/                        \/    \/      \/      \/ 

On the 8th of this month it was time again for a real Hack In The Random 2600 NL Data box, the joined forces between Randomdata, Hack In The Box and 2600NL. 30 Invited attendees were able to gain the latest 1337 information from a great list of speakers.

First presentation of the day by Dave van der Poel about Video Surveillance. What is real and what is fiction?.The Ultimaker 3D printer is doing a fine job, thanks to Harma of Protospace/Ultimaker. She brought 2 printers by bike!.In the meanwhile SYNNACK is starting his presentation.And THERE is the place where whe pwn the basterd

The opening was done by DrWhax and Fish_ (who else :), announcing the future activities and wrapping up the last 10 months. For starters there was an update on Video Surveillance by Dave van der Poel, a nice overview about the current activities and possibilities on video surveillance. For the most of us it was, yet again, an acknowledgement of technology which can do more, gather more information and, if used wrong, be a dangerous tool for privacy. Next talk was done By Wilco Baan Hofman, he played enough with the SIA-HS alarm IP transmit protocol and cracked it, well, cracked... let's call it XOR. Next up was the coffee break and a lot of Clubmate clips where 3D printed so nobody lost his own bottle of Mate. Fresh and mate'd up, we started the live hookup of Spacenet of Randomdata by AK47. And, of course, it worked out of the box. After that it was time for some more heavy "shit", Blasty compiled a nice story of patching of binaries in memory. He didn't took the most easiest one. No, no, he had chosen a little nightmare called openssh. It worked out in a successful acceptance of his Pub key in the deamon, impressive stuff if you know what kind of hacks he needed. To finish the heavy stuff Aczid had a nice story about ELF binary debugging and anti-debugging, let's bring /proc/ a bit in to confusion! :D
To close the event we asked Winn Schwartau to give us a nice, inspiring talk, one of his main messages I remembered is about putting the right guy on the job. We (the people's) are often making the big mistake of putting a guy/girl on the job who fit the company profile, but what if he/she is autistic? Or has ADHD? No, we should first think about the quality and not focus on how strange somebody is. And let's be honest, aren't we all a bit strange? :D

We have left you guys some pictures, video and slides if you want to check out some more details.

3D printer for Randomdata: Mendel90

With all the upcoming 3D printers everywhere in the world we decided to join the "3D printer world".

Fish_ started following RD's friend Zarya on his 3D printer adventures.
After some chats and Zarya's new project, to build a Mendel90, he though it would be a smart idea to follow.
The 3D printer will give Randomdata the possibility to print parts, create cases for Raspberry PI's, etc etc.
The printer will be available for public use at Randomdata, a calculation model will be created to pay the plastics and usage of the printer. (price per meter plastic/gram etc)

For now a rough plan has been created and we started to gather/print/create/lasercut/etc parts. In the next few weeks we will build it step by step, test it, calibrate it, etc etc.
If you want to follow the 3D printing adventures you can check out our Mendel90 wiki page


Subscribe to Randomdata RSS
2013 © All rights pwned by Randomdata ;-)