0xBADCAB1E

Yesterday, I met a friend. Nothing special about that, one little detail was different than when I met my other friends. I had never met that friend before. I knew that nice guy from the Internet, I guess I got in touch with him 6 years ago. In that time I was surfing on some hacking boards, and we exchanged jabber id’s. From that time on we stayed in contact, many things changed, there was an evolution. When I think back, I see how things are moving, going on, people getting smarter, changing their ideologies, and following different goals. Many people gave up hacking during that time, this guy, and myself are still following the same goal, we want to understand how things really work. So yesterday, eddy14, came to Bochum, and I showed him the university, the nice side, with the parcs, ice seller, girls, sun,… and the not so nice side, dark, concrete, no nature, nerds, … no girls. He was quite impressed. After we went to my place and hacked some common air card, type 3 to make it compliant with a normal PCMCIA port. Quite good result I have to admit. I can only recommend to read his blog, yesterday he released a very interessting tool but read for yourself

Not very interesting for my readers, but yeah, I wanted to write something about this event.

Kind regards,
Kabel

This is only a little update, I wrote a script to allow me to query the vrr.de (Verkehrsbund Ruhr-Rhein) page to know when the next “train” is leaving. It is a simple shell UI, that is not completely implemented yet but as I don’t seem to want to invest more time in it (and it is working for my purpose) I’ll publish it, so if you need it you don’t need to start from scratch.

Nothing special about the script, I find it quite useful and I use it as a permanent “widget” in my xmobar, so I’m always up to date when the next U35 leaves, and I don’t lose time waiting for it.

So here you go: vrr-client.tar.bz2

Yesterday, I planed to drive back to Luxembourg for the weekend. Due to the bad weather and the bad driving conditions, I finally decided to stay in Bochum.

My hacker colleagues form the University had already some plans for the weekend, and they managed to convince me to join them for a nice evening. So, my Friday night began at 18:47, with a “U-Bahn” that did not come, due to the bad weather… fortunately the next was able to pick me up, and I drove to the “Bochum Hauptbahnhof” where Joshua, a nice guy form the uni lives. tmh and h0yt3r were already there and we went to Joshuas place to have some chill-out time, with some beers, food and a movie. It was fun, until I literally exploded his chef seat :S (I bought him a new one today, knowing the time one passes on such a chair when you study at the RUB, I know I had to do it, and the faster the better).

After this we left the building at 23:00 and took the U-35 to the university. We weren’t alone, unfortunately a group of very “strange” young people were singing, and making stupid things in the train… we hoped they would get out of the train before the university. We were hoping wrong … they all got out of the train at the RUB, like we did. We were lucky, as we found out that there was another party at the uni, the Theology guys had orgnaized one too… the strange people all went there

The rest of the night, we spend chilling and listening to music in the front of the lecture halls. There were plenty of people and the ambiance was just perfect.

So, I had a great time with people I knew for quite a while (tmh, h0yt3r were people I got in touch with in my early Internet times and I was following their progress for all this time). So you see, Geeks, Nerds and whatever names people want to give us, we also socialize sometimes, and go away from our PCs, and out of our dark rooms.

As a conclusion I have to say that the party was good, but I’m not a very big fan of parties and I could not party all weekends, but for once in a while it is okay, looking forward to the next “IB-United” party!

Best regards,
Kabel

P.S: I put a new page online: “about me” The page is briefly describing the author of this blog.
If you know me:
Feel free to tell me, if you find that the description is not matching my personality.
Else If you don’t know me:
Feel free to get an impression on who I am.

Hey, as some people wanted to see my home office, here you go, please enjoy KOC: Kabel Operations Center

Sorry for the bad quality of the picture my phone cam was not able to do better.

Note that the I can operate all these laptops with only one mouse and keyboard, thanks to synergy, a TCP KVM Switch running on, at least, the 3 operating system you can see on this pictures. Furthermore, copy & paste from one OS into the next is no problem, which is providing a lot of comfort in everyday life.
I’m currently using the following operation systems:

* freeBSD 8.0. The laptop on the left, mainly monitoring servers, traffic, services etc…

* Mac OS X. Laptop in the middle and the 24″ screen. Mainly for chatting, showing pdf’s papers I have to work on and movies (This laptop is the worst thing I ever bought, you can simply not work on such a foo, but at least, I tried :’( )

* A Linux based OS. The 17″ Screen and the Thinkpad on the right. This laptop is mainly used for working and developing

You may have noticed all these lights and lava lamps etc, of course they can be piloted by the PCs you see but more on this in one of the next blog posts.

Regards,
Kabel

Soon, one of my little dreams will be fulfilled. Since I’ve known of its existence, I wanted to be a part of it, at least once!

Friday, 17:00 this event will start. I’m speaking of “The UCSB iCTF“. The iCTF is one of the oldest, most played CTF in the world. It has made its apparition on several media, especially in Germany as German universities win this challenge regularly (ENOFLAG from Berlin won last year). There I first heard of CTF competitions. I was immediately fascinated by these people understanding the machine and what it’s running in such a way that they were able to control it in a way that was not foreseen, and own other experts.

So Friday I’ll be part of the Fluxfingers team, and hope to have a good time and collect some flags. Fluxfingers got a huge amount of new members in the last weeks, so that our team will be more powerful (hopefully) that at the ruCTFe.

Anyhow I’m really looking forward to this event. Tomorrow, is a last training where I guess we will discuss the strategy and who is responsible for what and has to setup what on the vulnerable box, in order to permit more eased hacking, patching and protecting in general.

Somehow I’m also looking forward to the guys of Squareroots and the other teams. I guess this one of the parties the geeks have… other people go to discos and to the bermuda3eck… we go to university and try to understand code, while eating pizza and consuming caffeine.
In the close future I see a Syn2Cat/C3L capture-the-flag contest. Really, I think that will be a great event, too.

Best regards,
Kabel

Yesterday, there was a “Bildungsstreik” in whole Germany. Lots of things are bad, they all say. Inscription fees are too high, working conditions are too bad, Bachelor/Master system is crap… and many more.

According to the articles I read, NRW is the Bundesland in which the inscription fees are the highest, or at least, where people complain the most about it. My university is located in NRW. I’m studying at the Ruhr Universität Bochum, with over 32 000 other students. This makes the RUB one of the 10 biggest universities of Germany.

In the news, yesterday, they said that there has been people demonstrating all over NRW, they took as example Düsseldorf, and Münster. Strange, RUB was not enumerated in the universities that did demonstrations. In fact, I don’t know any person that was demonstrating at the RUB even if there had been demos organized.

I saw some tags “BUILDUNGSTREIK” (yeah, with the missing “s” …) on walls and blackboards, for myself I had too much lectures and work to take a day off, especially for some sitting around and drinking beer without any idea that actually has some minimal chance to lead to a result.

According to my research yesterday night, there are students at the RUB (or from the left activist scene that have nothing to do with the uni, like they use to call it here) that are occupying some lecture rooms. When I see, that they were 90 (!) yesterday night (taken from the infos they provided over twitter) I think the situation at the RUB cannot be that bad. 90 persons of 32 700 is not representative, and I guess you will always find 90 persons that are bored and want to do like the others…

Or, perhaps, the Bachelor/Master system is fault that nobody has time to go on strike? Rumors say that the workload of the Diplom/Magister has been squeezed in a way they fit in 3-5 years. This would explain why people were all working yesterday and nobody had time to complain </irony>

I don’t want to say that people should not go on strike, on contrary, if there is something wrong, they should. In this case I don’t find it a good way to solve the problems that exist, because there are problems, of course, I would not negate that. I simply don’t get what will be solved by the fact of occupying HZO 10 (biggest lecture room at the RUB) and through this let people like me miss lectures… because I’m sure there will be problems in the lecture I have at 12:00 in HZO 10…

Other rumors, that just reached me through a web 0.5 media, like kwisatz use to call it, is that the students occupying that room are “Dauerstudenten” which of course would also go on my nerves if I had to pay that amount of money for inscription during 10 or more years…

I will not publish any other thought about the rumors I got, on what those people are studying, except, for the people that are studing at the RUB, they are “Jenseits” which means: On the side where there is a park, girls and people enjoy their free time, and not “Dieseits” where there are only nerds, concrete and people have to use their brains every free minute in order to solve exercice sheets…

Go on strike if you want, but don’t force people to miss lectures because you are bored.

Edit: Wed – 22:03 // After having been at university the whole day, I have to say that none of my lectures got disturbed, not even the one in HZO. This is certainly a good point. I personally disliked the new tags I saw everywhere, on the walls, floors, etc… they were just simply without any fantasy. Okay, there are plenty of stupid tags at RUB, but some are cool and make me smile when I read them, “Hier könnte Ihre Werbung stehen”, “Beton brennt doch”, etc, someday I will take some photos of the best. This time, people concentrated on showing the way to HZO10, inside the buildings as well as outside… sorry, but this is really a stupid way of destroying things. Everyone at RUB knows where HZO10 is! Those tags have even no chance if you consider the art point of view… there are beautiful tags on the walls of the RUB, but the new one will never  count as one of them.

Yesterday/Today, I participated in my first academic CTF competition. The Ruhr-Uni-Bochum, has a Capture The Flag team named:”FluxFingers”. I went to their training last Wednesday and it seemed to be exactly what I was looking for, a huge amount of fun and really fit hackers.

So, a friend who also started the master in ITS at the RUB, and I went to the our first challenge, the ruCTFe. This is an extended version of the ruCTF, it open to all universities of the world, so there were really participants from everywhere, the communication wasn’t always easy as some persons were thinking Russian was the language to use (in IRC for example, or some challenges were Russian -.-)

So after one hour of delay the CTF started, looking forward, at that moment, for 10 hours of fun, exploiting, patching, documenting and all the stuff you have to do in a CTF. What happened was a totally different story… Once the image was decrypted we noticed immediately that this would not be a usual ctf. Everything was related to android, you had an emulator on which the vulnerable services had to run. The setup of the emulator, understanding how everything was intended to be, and making things run took us quite a while. Same for other teams, so that after 4 hours nobody had any flags nor service running… not really what you think a ctf is. A reboot if the vulnerable image finally made things better, nobody understood why, but that was our smallest problem, it was up an running, and we were getting defense points. We managed to be first a long time, but didn’t made it till the end.

The vulnerable sources were really hard to understand, we found some bugs, we exploited some, but it didn’t bring us much, as our best exploit was running on a service that no other team managed to start… We got some points for advisories and for defense, I think we got only one valid flag. Which was not much different for the other teams.

Squareroots managed to exploit one service and collect a huge amount of flags. We think they exploited the same vulnerability as we did, except that they had less problems to setup their android image.

I found some piece of exploits, and helped some people having problems to understand different parts of the service F (written in Python) and wrote some exploits. All in all, it was really fun. Looking forward to the next CTF, the UCSB on 4th December. FluxFingers members told me that there would be more to exploit and it would be less “who is best at setting up his linux android”

To finalize, we finished at place 12 of 43 teams. All German universities did great like usual, squareroots (Mannheim) won, 0ldEurope (Aachen) was a great target to test my exploits , but they had a good rank at the end too. FluxFingers member were little bit disappointed by the challenge I think, they were looking forward to steal flags, not to configure android emulators.

Hello Blog,

please don’t be angry my last post was so long time ago… There has been a lot of change in my life. I finished my work at SES ASTRA TechCom. 3 month I spent there this time. It was an interesting job, even if not linked to security. I learned a lot about Unix, IP over Satellite, Python, and Networking in general.

Despite this good experience, I’m looking forward to continue my studies. In fact, next monday the lectures are starting. My career at the “Université du Luxembourg” ended also for the moment. I got my diploma in Computer Sciences and Engineering and now I will start my Master in IT Security/Networks and Systems at the Ruhr Universität Bochum (RUB).

Why Bochum? Well, driving from Luxembourg the “Autobahn” is mostly without speed limit, isn’t that reason enough? The  RUB is the 6th biggest University of Germany (32 700 Students) and has the biggest institut for IT Security of whole Europe. The Horst-Grötz Institut for IT Security.

I haven’t seen that much from Bochum till now, but what I have seen looks good. people seem nice, the city-part I’m living in is really nice and my flat is also cool.

Yesterday, I went to the hackerspace in Bochum: Das Labor. I have a little bit experience in hackerspaces, I have been in the C4 hackerspace, in the space of the CCC-Trier and of course in the fresh space of the hackerspace.lu, syn2cat, but I was really impressed by the labor. The space is just huuuuuuuge, and there were a lot of people present, soldering, hacking stuff, having fun with technology. For my part, I talked to some geeks there, very friendly persons. I met a guy that is  doing the Master I will do, and he explained me a lot of things, and gave me some hints which I appreciated a lot. Another hacker showed me his USA/Canada holiday photos and we talked a lot. The ideal place to meet the kind of persons I like. All in all, I have the impression that in the labor the focus is highly set on micro-controllers, which is something different, and interesting.