0xBADCAB1E

Recently I changed the name of my blog to: 0xBADCAB1E (it will be reachable over 0xbadcab1e.lu soon too)
So, why did I chose this name?
I picked this name because I found it a good characterization of my life/hobbies:

* It is hexadecimal, quite a lot of things I do at the moment are expressed in hex, for example in cryptography which is part of my everyday life. All in all the hexadecimal system is quite present in computer sciences, and I like it!

* 0xBADCAB1E is an error code:“0xBADCAB1E (“bad cable”) Error Code returned to the Microsoft eVC debugger when connection is severed to the debugger”[1] Windows debugger, em, interesting, this might show my penchant for opensource software and show my need to disassemble things to find out how they work.

* CAB1E is hexspeak[1] for cable which is English for “Kabel”. As Kabel has been my nick for several years now, this fits perfectly.

* BAD: Well, I don’t consider myself as a being a bad person. So I guess this part of the name will stay the mystery Maybe I’ll find a good explanation for this some day.

During my last “critical infrastructures” lectures I was researching some information about attacks on the Web-Of-Trust as I am digging in this subject at the moment, of course, I’m considering the security aspect of it. Maybe this Web-Of-Trust model is exactly the candidate I’m searching for to show people how important trust is in IT as finally, everything relies on this simple principe of trust…
So during this research I came across the 0xDEADBEEF attack, searching for further information about that topic I saw some pages dedicated to hexspeak. Thats how I came to this new name, which sounds better than that boring “Kabel’s Blog” I used before.

So I hope you like it as much as I do Since this hexadecimal name has only a length of 8 chars it makes it ideal for some further usage, more on this on one of my next blog posts.

Best regards,
Kabel

[1]: http://en.wikipedia.org/wiki/Hexspeak

I want to announce the HaxoGreen 2k10 camp in my blog as well. So what is this camp about, a short description;

“HaxoGreen 2010 is the second iteration of the annual four-day outdoor camp in early summer 2010 organized by C3L and syn2cat. This rather informal and cosy camp takes place from July 22nd till July 25th 2010.”

It’s our second camp, planning is already in progress and it works quite well. I’m optimistic that we’ll manage to provide a great camping location, facilities as well as talks and hacks. More information can be found here

Soon, one of my little dreams will be fulfilled. Since I’ve known of its existence, I wanted to be a part of it, at least once!

Friday, 17:00 this event will start. I’m speaking of “The UCSB iCTF“. The iCTF is one of the oldest, most played CTF in the world. It has made its apparition on several media, especially in Germany as German universities win this challenge regularly (ENOFLAG from Berlin won last year). There I first heard of CTF competitions. I was immediately fascinated by these people understanding the machine and what it’s running in such a way that they were able to control it in a way that was not foreseen, and own other experts.

So Friday I’ll be part of the Fluxfingers team, and hope to have a good time and collect some flags. Fluxfingers got a huge amount of new members in the last weeks, so that our team will be more powerful (hopefully) that at the ruCTFe.

Anyhow I’m really looking forward to this event. Tomorrow, is a last training where I guess we will discuss the strategy and who is responsible for what and has to setup what on the vulnerable box, in order to permit more eased hacking, patching and protecting in general.

Somehow I’m also looking forward to the guys of Squareroots and the other teams. I guess this one of the parties the geeks have… other people go to discos and to the bermuda3eck… we go to university and try to understand code, while eating pizza and consuming caffeine.
In the close future I see a Syn2Cat/C3L capture-the-flag contest. Really, I think that will be a great event, too.

Best regards,
Kabel

Yesterday, there was a “Bildungsstreik” in whole Germany. Lots of things are bad, they all say. Inscription fees are too high, working conditions are too bad, Bachelor/Master system is crap… and many more.

According to the articles I read, NRW is the Bundesland in which the inscription fees are the highest, or at least, where people complain the most about it. My university is located in NRW. I’m studying at the Ruhr Universität Bochum, with over 32 000 other students. This makes the RUB one of the 10 biggest universities of Germany.

In the news, yesterday, they said that there has been people demonstrating all over NRW, they took as example Düsseldorf, and Münster. Strange, RUB was not enumerated in the universities that did demonstrations. In fact, I don’t know any person that was demonstrating at the RUB even if there had been demos organized.

I saw some tags “BUILDUNGSTREIK” (yeah, with the missing “s” …) on walls and blackboards, for myself I had too much lectures and work to take a day off, especially for some sitting around and drinking beer without any idea that actually has some minimal chance to lead to a result.

According to my research yesterday night, there are students at the RUB (or from the left activist scene that have nothing to do with the uni, like they use to call it here) that are occupying some lecture rooms. When I see, that they were 90 (!) yesterday night (taken from the infos they provided over twitter) I think the situation at the RUB cannot be that bad. 90 persons of 32 700 is not representative, and I guess you will always find 90 persons that are bored and want to do like the others…

Or, perhaps, the Bachelor/Master system is fault that nobody has time to go on strike? Rumors say that the workload of the Diplom/Magister has been squeezed in a way they fit in 3-5 years. This would explain why people were all working yesterday and nobody had time to complain </irony>

I don’t want to say that people should not go on strike, on contrary, if there is something wrong, they should. In this case I don’t find it a good way to solve the problems that exist, because there are problems, of course, I would not negate that. I simply don’t get what will be solved by the fact of occupying HZO 10 (biggest lecture room at the RUB) and through this let people like me miss lectures… because I’m sure there will be problems in the lecture I have at 12:00 in HZO 10…

Other rumors, that just reached me through a web 0.5 media, like kwisatz use to call it, is that the students occupying that room are “Dauerstudenten” which of course would also go on my nerves if I had to pay that amount of money for inscription during 10 or more years…

I will not publish any other thought about the rumors I got, on what those people are studying, except, for the people that are studing at the RUB, they are “Jenseits” which means: On the side where there is a park, girls and people enjoy their free time, and not “Dieseits” where there are only nerds, concrete and people have to use their brains every free minute in order to solve exercice sheets…

Go on strike if you want, but don’t force people to miss lectures because you are bored.

Edit: Wed – 22:03 // After having been at university the whole day, I have to say that none of my lectures got disturbed, not even the one in HZO. This is certainly a good point. I personally disliked the new tags I saw everywhere, on the walls, floors, etc… they were just simply without any fantasy. Okay, there are plenty of stupid tags at RUB, but some are cool and make me smile when I read them, “Hier könnte Ihre Werbung stehen”, “Beton brennt doch”, etc, someday I will take some photos of the best. This time, people concentrated on showing the way to HZO10, inside the buildings as well as outside… sorry, but this is really a stupid way of destroying things. Everyone at RUB knows where HZO10 is! Those tags have even no chance if you consider the art point of view… there are beautiful tags on the walls of the RUB, but the new one will never  count as one of them.

Yesterday/Today, I participated in my first academic CTF competition. The Ruhr-Uni-Bochum, has a Capture The Flag team named:”FluxFingers”. I went to their training last Wednesday and it seemed to be exactly what I was looking for, a huge amount of fun and really fit hackers.

So, a friend who also started the master in ITS at the RUB, and I went to the our first challenge, the ruCTFe. This is an extended version of the ruCTF, it open to all universities of the world, so there were really participants from everywhere, the communication wasn’t always easy as some persons were thinking Russian was the language to use (in IRC for example, or some challenges were Russian -.-)

So after one hour of delay the CTF started, looking forward, at that moment, for 10 hours of fun, exploiting, patching, documenting and all the stuff you have to do in a CTF. What happened was a totally different story… Once the image was decrypted we noticed immediately that this would not be a usual ctf. Everything was related to android, you had an emulator on which the vulnerable services had to run. The setup of the emulator, understanding how everything was intended to be, and making things run took us quite a while. Same for other teams, so that after 4 hours nobody had any flags nor service running… not really what you think a ctf is. A reboot if the vulnerable image finally made things better, nobody understood why, but that was our smallest problem, it was up an running, and we were getting defense points. We managed to be first a long time, but didn’t made it till the end.

The vulnerable sources were really hard to understand, we found some bugs, we exploited some, but it didn’t bring us much, as our best exploit was running on a service that no other team managed to start… We got some points for advisories and for defense, I think we got only one valid flag. Which was not much different for the other teams.

Squareroots managed to exploit one service and collect a huge amount of flags. We think they exploited the same vulnerability as we did, except that they had less problems to setup their android image.

I found some piece of exploits, and helped some people having problems to understand different parts of the service F (written in Python) and wrote some exploits. All in all, it was really fun. Looking forward to the next CTF, the UCSB on 4th December. FluxFingers members told me that there would be more to exploit and it would be less “who is best at setting up his linux android”

To finalize, we finished at place 12 of 43 teams. All German universities did great like usual, squareroots (Mannheim) won, 0ldEurope (Aachen) was a great target to test my exploits , but they had a good rank at the end too. FluxFingers member were little bit disappointed by the challenge I think, they were looking forward to steal flags, not to configure android emulators.

Hello Blog,

please don’t be angry my last post was so long time ago… There has been a lot of change in my life. I finished my work at SES ASTRA TechCom. 3 month I spent there this time. It was an interesting job, even if not linked to security. I learned a lot about Unix, IP over Satellite, Python, and Networking in general.

Despite this good experience, I’m looking forward to continue my studies. In fact, next monday the lectures are starting. My career at the “Université du Luxembourg” ended also for the moment. I got my diploma in Computer Sciences and Engineering and now I will start my Master in IT Security/Networks and Systems at the Ruhr Universität Bochum (RUB).

Why Bochum? Well, driving from Luxembourg the “Autobahn” is mostly without speed limit, isn’t that reason enough? The  RUB is the 6th biggest University of Germany (32 700 Students) and has the biggest institut for IT Security of whole Europe. The Horst-Grötz Institut for IT Security.

I haven’t seen that much from Bochum till now, but what I have seen looks good. people seem nice, the city-part I’m living in is really nice and my flat is also cool.

Yesterday, I went to the hackerspace in Bochum: Das Labor. I have a little bit experience in hackerspaces, I have been in the C4 hackerspace, in the space of the CCC-Trier and of course in the fresh space of the hackerspace.lu, syn2cat, but I was really impressed by the labor. The space is just huuuuuuuge, and there were a lot of people present, soldering, hacking stuff, having fun with technology. For my part, I talked to some geeks there, very friendly persons. I met a guy that is  doing the Master I will do, and he explained me a lot of things, and gave me some hints which I appreciated a lot. Another hacker showed me his USA/Canada holiday photos and we talked a lot. The ideal place to meet the kind of persons I like. All in all, I have the impression that in the labor the focus is highly set on micro-controllers, which is something different, and interesting.

A long time has passed without any news on this blog. I was very busy with my studies and work.
The 18. June I defended my bachelor work, called:

Development of an automated process to execute and analyse the network behaviour of malware in a controlled environment.

As there were already a lots of request for it, and a lot of people showed interest in it, I’ll release it here. I hope you enjoy it. This work was done at the “Université du Luxembourg” and with “SES Astra” as an industrial partner.
The report has a creativecommons v3.0 license.

Download: Memoire

Feel free to contact me if you have any questions related to this work.

Last Saturday I was invited to go out with some new acquaintance. In fact at the end I only knew one person of the whole group.
We planed to go to the cinema in Luxembourg city, to watch a movie (that was not on the played any more Fail 1).
23 Minutes before I wanted to leave I got a call (Fail 2 I hate phone calls) plans were changed, we should meet at CineBelval (Fail 3 I hate plan modification in last minutes without any suitable reason).
Well, anyhow I was there 10 minutes before time. As it is usual for me, “Pünktlichkeit ist 10 Minuten vor der Zeit” a friend use to say. Well the people I should meet had more than 20 minutes delay. That makes that I was waiting for half an hour. (Fail 4 I hate people thinking they are worth waiting 30 minutes for them and then not even apologize).
Then the Fails went on… Film should start at 22:00 according to the tickets. Well at 22:00 we wanted to enter the room. The other movie wasn’t over yet. We had to wait 15 minutes in front of a closed door. We got told plenty of times that we had to wait. But guess what… it was the wrong door! Nobody was able to tell us that we are not allowed to get in through this door, until they let people in.
Then we had to enter through another door. Well, when we came in the room, maybe 30 seconds after the doors were open, immediately the lights got turned off. Great fun to find your place in that giant cinema… where there are some hundred places but mostly 30 are occupied. Never will go to that cinema again.
All in all, a lot of fails. And I didn’t mentioned that I felt really bad with this persons as they were really partly primitive… and people knowing me know that I’m very tolerant, but those people managed to make me ashamed. Last time I went out with them… for sure!

I’m not used to go out often, and mostly when I go out I make sure to meet enough geeks and nerds or other scientists, this time I didn’t. FAIL

Already 15 weeks have passed… so, yesterday my official working contract with SES Engineering ended.
The last 15 weeks were just great, I got in touch with the world of working, learned a lot of new things and enjoyed a lot of high skilled persons . I think I would really have liked to work on in this office, nice persons, good mood, skills where ever you look… I have a high admiration for these people and really hope to have their knowledge once.
So how does life goes on now for me? Well, more free time No joking, next come exams and the presentation of my bachlor work. After I will seriously search and apply for an university for next year, I already chose one or two, now I just hope they want me there…
Another thing that I will do is… working Yesterday at SES I got a contract for a 3 month holiday job, not at SES Engineering, but at SES Techcom, which have their offices one floor below the one I worked till now. My task will be a totally different, and certainly with less focus on security, nevertheless I already look forward for this job. If I get in touch with such interesting persons I got at SES Engineering SNT Team, I’ll be very happy there too
So, more on this when I work there, now first I have to focus on finalizing my studies at Luxembourg.